Questions tagged [cors]
Use this tag when you see a message in the browser devtools console about CORS (Cross-Origin Resource Sharing) — e.g., your browser logged an error about Access-Control-Allow-Origin, and you want to know how to eliminate the error. Also for other questions on the CORS protocol (defined in the Fetch Standard as a way to use response headers to tell browsers to relax the same-origin policy and allow cross-origin XHR/Fetch/Ajax requests).
14,643 questions
3325 votes, 16 answers, 6.4m views
Why does my JavaScript code receive a "No 'Access-Control-Allow-Origin' header is present on the requested resource" error, while Postman does not?
Mod note: This question is about why XMLHttpRequest/fetch/etc. on the browser are subject to the Same Access Policy restrictions (you get errors mentioning CORB or CORS) while Postman is not. This ...
1606 votes, 20 answers, 2.6m views
How does the 'Access-Control-Allow-Origin' header work?
Apparently, I have completely misunderstood its semantics. I thought of something like this:
A client downloads JavaScript code MyCode.js from http://siteA - the origin.
The response header of MyCode....
1395 votes, 35 answers, 1.2m views
Access-Control-Allow-Origin Multiple Origin Domains?
Is there a way to allow multiple cross-domains using the Access-Control-Allow-Origin header?
I'm aware of the *, but it is too open. I really want to allow just a couple domains.
As an example, ...
1306 votes, 33 answers, 3.9m views
No 'Access-Control-Allow-Origin' header is present on the requested resource—when trying to get data from a REST API
I'm trying to fetch some data from the REST API of HP Alm. It works pretty well with a small curl script—I get my data.
Now doing that with JavaScript, fetch and ES6 (more or less) seems to be a ...
768 votes, 37 answers, 905k views
Why doesn't adding CORS headers to an OPTIONS route allow browsers to access my API?
I am trying to support CORS in my Node.js application that uses the Express.js web framework. I have read a Google group discussion about how to handle this, and read a few articles about how CORS ...
731 votes, 27 answers, 2.4m views
Response to preflight request doesn't pass access control check - No 'Access-Control-Allow-Origin' header
I'm getting this error using ngResource to call a REST API on Amazon Web Services:
XMLHttpRequest cannot load
http://server.apiurl.com:8000/s/login?login=facebook. Response to
preflight request doesn'...
611 votes, 16 answers, 716k views
Why is an OPTIONS request sent and can I disable it?
I am building a web API. I found whenever I use Chrome to POST, GET to my API, there is always an OPTIONS request sent before the real request, which is quite annoying. Currently, I get the server to ...
596 votes, 17 answers, 835k views
“Origin null is not allowed by Access-Control-Allow-Origin” error for request made by application running from a file:// URL
I'm developing a page that pulls images from Flickr and Panoramio via jQuery's AJAX support.
The Flickr side is working fine, but when I try to $.get(url, callback) from Panoramio, I see an error in ...
543 votes, 9 answers, 124k views
What is the motivation behind the introduction of preflight CORS requests?
Cross-origin resource sharing is a mechanism that allows a web page to make XMLHttpRequests to another domain (from Wikipedia).
I've been fiddling with CORS for the last couple of days and I think I ...
515 votes, 12 answers, 1.2m views
Trying to use fetch and pass in mode: no-cors
I can hit this endpoint, http://catfacts-api.appspot.com/api/facts?number=99 via Postman and it returns JSON
Additionally I am using create-react-app and would like to avoid setting up any server ...
503 votes, 12 answers, 802k views
CORS: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true
I have a setup involving
Frontend server (Node.js, domain: localhost:3000) <---> Backend (Django, Ajax, domain: localhost:8000)
Browser <-- webapp <-- Node.js (Serve the app)
Browser (...
483 votes, 15 answers, 638k views
Access-Control-Allow-Origin wildcard subdomains, ports, and protocols
I'm trying to enable CORS for all subdomains, ports, and protocol.
For example, I want to be able to run an XHR request from http://sub.mywebsite.example:8080/ to https://www.mywebsite.example/*
...
452 votes, 5 answers, 349k views
How can you debug a CORS request with cURL?
How can you debug CORS requests using cURL? So far I couldn't find a way to "simulate" the preflight request.
443 votes, 27 answers, 1.1m views
Request header field Access-Control-Allow-Headers is not allowed by itself in preflight response
I have come across CORS issues multiple times and can usually fix it but I want to really understand by seeing this from a MEAN stack paradigm.
Before I simply added middleware in my express server ...
433 votes, 3 answers, 170k views
What are the integrity and crossorigin attributes?
Bootstrapcdn recently changed their links. It now looks like this:
<link href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css"
rel="stylesheet"
integrity="sha256-...