CORS Redirect is not allowed for a preflight request

Hello Everyone,
I have an OJS3.3 installation with multiple journals, each with a different domain name. We can describe the actual configuration as follow: configuration:

Apache2 VH configuration:

SetEnvIf Origin "http(s)?://(|$" AccessControlAllowOrigin=$0
Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
Header merge Vary Origin

But I’ve also tryed with a more generic ‘Header set Access-Control-Allow-Origin: “*”

When I try to make public the myjournal1 from the ‘Hosted Journals’ page:

I have the following CORS error:

Access to XMLHttpRequest at '' from origin '' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.

because, despite being on domain ‘’ the request is made to domain ‘’.

My question is: shouldn’t this operation be performed on ‘
instead of link ‘’?

Also because, being on a different domain, you would have to log in twice. Maybe a bug?

Probably you need a rule like:

RewriteRule ^/(api/.*)$ /index.php/myjournal1/$1 [R=307,L]

This will rewrite the API calls preserving the parameters sent by the browser (due to the 307 HTTP status).

Can you give it a try?