CORS error even when set to allow *

Hi!

We’ve got a SPA written in Angular and we’re trying to do some user session tracking with Matomo. We get CORS errors:

Access to XMLHttpRequest at ‘https://matomo.server.com/matomo.php’ from origin ‘https://spa.app.com’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

This seems to happen with the .php request, while the .js request succeeds.