Skip to main content

Questions tagged [cors]

Cross-Origin Resource Sharing (CORS) is a specification that enables open access across domain-boundaries

Filter by
Sorted by
Tagged with
264 votes
8 answers
1.1m views

How do I add Access-Control-Allow-Origin in NGINX?

How do I set the Access-Control-Allow-Origin header so I can use web-fonts from my subdomain on my main domain? Notes: You'll find examples of this and other headers for most HTTP servers in the ...
Chris McKee's user avatar
  • 3,629
56 votes
8 answers
50k views

Chrome S3 Cloudfront: No 'Access-Control-Allow-Origin' header on initial XHR request

I have a webpage (https://smartystreets.com/contact) that uses jQuery to load some SVG files from S3 through the CloudFront CDN. In Chrome I will open an Incognito window as well as the console. Then ...
SunSparc's user avatar
  • 1,048
28 votes
4 answers
80k views

Setting Access-Control-Allow-Origin on Cloudfront

I am having problems serving static assets to Firefox using AWS Cloudfront. Chrome works perfect, but Firefox is returning a CORS error. If I execute curl , I get: HTTP/1.1 200 OK Content-Type: ...
Tony's user avatar
  • 445
22 votes
3 answers
36k views

How can I replace Access-Control-Allow-Origin header in proxy response with nginx

I am using a simple nginx instance to proxy REST calls to another server. The purpose of my proxy is to allow the use of cookies for authentication. I have it working, except for one problem. The ...
Michael Taylor's user avatar
11 votes
1 answer
6k views

nginx if statement inside location returns 404

The following block location / { if ($http_origin ~* (https?://[^/]*\.example\.com(:[0-9]+)?)) { add_header 'Access-Control-Allow-Origin' "$http_origin"; } try_files $uri $uri/ /...
Spyros Lambrinidis's user avatar
10 votes
3 answers
24k views

Disable authentication for HTTP OPTIONS method (preflight request) in Nginx

My problem is the exact same one as described here: Disable authentication for HTTP OPTIONS method (preflight request). I'm trying to use CORS and HTTP passwords at the same time. When the browser see ...
cleong's user avatar
  • 301
10 votes
2 answers
6k views

OPTIONS request to CloudFront distribution with managed CORS-With-Preflight policy returns 403

I have a CloudFront distribution with a default behavior that is configured to allow any CORS request including preflight requests. However, the OPTIONS request will fail with an HTTP 403 error (...
aaronk6's user avatar
  • 476
9 votes
2 answers
12k views

Apache Header Module Loaded but can't set headers in htaccess

I have Apache 2.2.29 (unix) setup and running on my new dev machine (mac). I am trying to set CORS headers for an API project - something that I have done many times. The htaccess file for the ...
Dan Lake's user avatar
8 votes
1 answer
8k views

Disable authentication for HTTP OPTIONS method (preflight request)

One recurring problem with CORS is that the spec prescribes request headers get stripped from the preflight request (HTTP OPTIONS). However if the server requires authentication, this means the ...
Jeroen Ooms's user avatar
  • 2,239
7 votes
1 answer
2k views

304 with CORS on apache

I have an REST API that returns a 304 Not Modified status code for some request (that have If-Modified-Since header). The problem is that the apache2 software strips any CORS header prior to the ...
user237329's user avatar
6 votes
1 answer
64k views

nginx Access Control Origin Header is configured but doesn't work

I am getting a XMLHttpRequest cannot load http://website2.com/ads/dev_642e92efb79421734881b53e1e1b18b6/5534f8e14d514_1.html. No 'Access-Control-Allow-Origin' header is present on the requested ...
zed's user avatar
  • 262
6 votes
1 answer
56k views

Nginx add headers and proxy_pass for CORS bypass

I want to make CORS site with API on proxy_pass server. But location / { if ($request_method = 'OPTIONS') { add_header 'Access-Control-Allow-Origin' '*'; add_header 'Access-...
eri's user avatar
  • 294
6 votes
1 answer
2k views

S3/Cloudfront CORS working on some files only

I'm really struggling to get Cloudfront and S3 to add Access-Control-Allow-Origin: * to the headers of video files stored on S3 (for inline video on iPhones - seems to be working everywhere else ...
beek's user avatar
  • 225
5 votes
1 answer
2k views

Is it impossible to have conditional headers in Nginx?

I am currently trying to only return a set of CORS headers conditionally using Nginx. At first it seemed like a simple task, as I already had this working config: upstream api-app { server unix:/tmp/...
Stefan Horning's user avatar
5 votes
1 answer
4k views

What AWS service to avoid CORS issues with S3 static content and aws backends

Introduction I've got the following architecture deployed on Amazon AWS. The goal is to expose a web application (single page application) acting as an entrypoint at https://app.acmecorp.com. This ...
ddewaele's user avatar
  • 333
5 votes
2 answers
7k views

Disable HTTP Authentication for OPTIONS requests in Tomcat

I have an API protected by HTTP Basic Authentication. When I want to make AJAX requests against the API, the browser send an OPTIONS request which doesn't carry the Authorization header so it gets ...
4e4c52's user avatar
  • 173
4 votes
0 answers
3k views

Nginx, PM2, Node - No 'Access-Control-Allow- Origin' header

I have developed NodeJS server ran with express. I use PM2 to manage the application and then nginx to proxy requests to the application. My Express application has CORS, CSP etc set up. But, the ...
BugHunterUK's user avatar
4 votes
1 answer
7k views

nginx - CORS configuration that allows files to be served to localhost?

Here is my current nginx configuration file: server { listen 80 default_server; listen [::]:80 default_server; root /var/www/html; # Add index.php to the list if you are using PHP index index.html ...
stamps's user avatar
  • 141
4 votes
0 answers
6k views

Set CORS headers on nginx

Addresses like http://vpsxxx.ovh.net/g/search?q=ok or http://vpsxxx.ovh.net/so/questions/34738694/how-to-move-items-on-the-screen-for-a-game-using-javascript are proxied well, when trying them from ...
caub's user avatar
  • 149
4 votes
2 answers
3k views

CORS headers not added in Apache

I've been working on this issue for days. I'm a developer and my knowledge of these things is very limited, still there's no one available in this company to assist me with this issue. This really has ...
Bv202's user avatar
  • 91
3 votes
1 answer
4k views

Cannot set CORSEnabled and CORSTrustedOrigins properties on ADFS 2019

The Problem: There are properties in ADFS 2019 that indicate that you can enable CORS Headers for the ADFS Login Page and set the allowed origins. Get-AdfsProperties CORSEnabled ...
Thomas Lazar's user avatar
3 votes
2 answers
2k views

CORS error - Website is not reachable (ERR_FAILED), then redirects and works by itself

Error: I get "This site can't be reached ..." and then it automatically redirects and then the page works. Please see the screengrab GIF below. This error happens in random unpredictable ...
Joseph's user avatar
  • 131
3 votes
2 answers
2k views

Nginx on ubuntu 12.04 keep refusing OPTIONS requests

I am trying do do cross domain Ajax calls inside an angular service in an ionic application tested in chrome. I am trying to do a POST on my API and nginx keep refusing my OPTIONS. XMLHttpRequest ...
Bassochette's user avatar
3 votes
1 answer
2k views

Disable authorisation on preflight OPTIONS request in HAProxy

We have a HAProxy setup which has basic auth on some of our backends. We now want to enable CORS requests to our backends but this is failing for those with basic auth enabled. When CORS makes it ...
RobC's user avatar
  • 31
3 votes
1 answer
612 views

Amazon CloudFront CORS specific delay

I am experiencing a delay between the serving of CORS requests but direct requests are served fine. I am using this to distribute media streams via HTTP so it is very important to reduce the startup ...
thequickbrownfox's user avatar
3 votes
0 answers
3k views

firefox throws CORS error but works fine in chrome

I have set the following in apache RequestHeader edit "If-None-Match" '^"((.*)-(gzip|br))"$' '"$1", "$2"' SetEnvIf Origin "^http(s)?:\/\/(.+\.)?(iac-dev-...
shorif2000's user avatar
3 votes
0 answers
4k views

.htaccess CORS headers not working

I've added the following at the top of my .htaccess file: <IfModule mod_headers.c> Header always set Access-Control-Allow-Origin "*" Header always set Access-Control-Allow-Headers "...
Joaquin Guevara's user avatar
3 votes
0 answers
735 views

Nginx allow cross origin requests in specific folder

How do I allow cross origin requests in only a specific folder or folders in Nginx? In apache, I have an .htaccess file in the folder with the following content: <FilesMatch "\.(json)$"> &...
Asa Carter's user avatar
3 votes
1 answer
3k views

Nginx proxying Nodejs (Dokku). CORS response headers not passing through

I'm using Dokku to host my app at DigitalOcean. Dokku run nginx 1.6 to proxy Docker apps simulating a Heroku-like environment. The app's all share similar default configs like below. My Node.js ...
Michael Cole's user avatar
2 votes
1 answer
7k views

Multiple CORS origins. Should I use if statement? - NginX

I have set up an NginX in order to serve some static files from an instance. The static files are to be used by 3 different domains that I own. The NginX server is on its own (4th) domain. I want ...
Nikolaos Paschos's user avatar
2 votes
1 answer
12k views

How to add Access-Control-Allow-Origin header in NGINX for one specific domain

I have problem with my nginx configuration. I want to add Access-Control-Allow-Origin header in nginx config, for one domain but for both http and https I tried this configuration, but it doesn't work:...
Xavier123's user avatar
2 votes
1 answer
12k views

nginx CORS on proxy pass: Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource

I am moving my APIs from a subdomain to another without affecting already running applications. I have three servers configured on nginx such as: Original API server: server { listen 80; ...
zed's user avatar
  • 262
2 votes
1 answer
18k views

How to enable CORS in Nginx

I have tried every tutorial on the internet and on serverfault regarding this. No matter what I do, CORS is not working in nginx Here is my example.conf server { root /var/www/html; ...
Rahul Biswas's user avatar
2 votes
1 answer
2k views

How to add CORS headers to several locations in nginx?

I have been able to add a basic CORS support to my nginx server using the code provided in enable-cors.org. However this solution implies to copy and paste that code in every location block, and I ...
Pablo Lozano's user avatar
2 votes
1 answer
2k views

CloudFront drops Access-Control-Expose-Headers header when Accept-Encoding is set

I am trying to get CloudFront to serve a gzipped text file along with Content-Length: <bytes> and Access-Control-Expose-Headers: Content-Length headers so I can display the download progress ...
brianskold's user avatar
2 votes
1 answer
2k views

Zimbra and cross-origin framing

Let's say that I have a Zimbra webmail accessible at https://mail.example.com. I also have a web app at https://app.example.com. On one of the app's pages I am trying to embed the webmail: <iframe ...
bpiec's user avatar
  • 135
2 votes
0 answers
1k views

CloudFront CORS request using signed cookies and withCredentials, not sending back Access-Control-Allow-Credentials unless I include some extra header

I'm having a very strange issue that I can't seem to crack. I configured a private CloudFront distribution to serve content from a private S3 bucket. I am using signed cookies to grant access to the ...
bryan60's user avatar
  • 71
2 votes
0 answers
757 views

CORS is not working NGINX + DJANGO + REACT application

Existing nginx configuration given bellow. I tried in multiple way but nothing is working. server { server_name backend.xxxxxx.com www.backend.xxxxxx.com; client_max_body_size 100M; #...
Ariful Islam's user avatar
2 votes
1 answer
9k views

Angular CORS with Nginx

Several questions for the same topic on the net but nothing worked. I have a serverXYZ running an Angular app, a backend tomcat webapp for authentication, a nginx server. Angular app on port 4200, ...
glass's user avatar
  • 25
2 votes
2 answers
10k views

CORS blocked by No "Access-Control-Allow-Origin" on dockerized Angular frontend app and Spring Boot dockerized backend

I have built an Angular app and created a docker image, which makes it run on an Nginx server (once it is run). For the backend, I have a dockerized implementation as well. While trying to access the ...
Leo's user avatar
  • 21
2 votes
0 answers
1k views

How can I set Access-Control-Allow-Origin for multiple domains in apache2?

I have created an app in React with its backend in Python Django. I hosted the React app in Heroku and the Django app in AWS (apache2). I have faced a problem with CORS. I added the following ...
Ferose's user avatar
  • 131
2 votes
0 answers
615 views

CORS not works on Nginx

I need my application work with backend API on other domain. I use nginx 1.12.1 on Ubuntu 16.04. I added to my host config following (to the location ~ .php$ section): add_header 'Access-Control-...
atom-22's user avatar
  • 121
2 votes
1 answer
2k views

htaccess conditional header set is ignoring the condition

I'm trying to set headers if the origin is a particular site to solve a resource conflict I'm having (using Mautic hosted on a subdomain). If I add the headers for any situation I get a 500 error ...
Elenchus's user avatar
  • 121
2 votes
0 answers
6k views

nginx: CORS headers are not added for OPTIONS request

Consider this minimal nginx server configuration server: { listen 80; server_name myserver; location / { add_header 'Access-Control-Allow-Origin' '*'; add_header 'Access-...
muffel's user avatar
  • 372
2 votes
0 answers
2k views

Apache 2 responding with 301 redirect on OPTIONS request

I'm trying to get my Angular 2 application running and everything is going relatively smoothly until I hit the API for some data. Apache is responding with a 301 redirect when Angular's http module ...
The Maniac's user avatar
2 votes
1 answer
2k views

CORS header set correctly in CURL but does not get set in when loading the page from a browser

I have a website which uses font-awesome and I want to use cloudfront as the CDN(my website runs on apache). I have enabled cors in the conf file for this site. Here is the conf file for my site: &...
The Flying Dutchman's user avatar
2 votes
0 answers
1k views

Error: No 'Access-Control-Allow-Origin' header is present on the requested resource. (NGINX)

I am using NGINX and I am receiving that error in the browser's console. I am so frustrated. According to my boss, I need to set up cors which what I did and still I am getting the same error. This ...
Reacting's user avatar
  • 223
1 vote
1 answer
15k views

IIS10 Cors Module Configuration to Allow Cors

I'm having an issue allowing CORS requests on IIS v10 with an 2016 windows azure server. I downloaded and installed the IIS Cors module that is supposed to help take care of this, but I can't seem to ...
RTDev123's user avatar
  • 141
1 vote
2 answers
3k views

webDAV and CORS

I see some strange behavior on my webServer. Trying to get keeWeb to accept a file from a webDAV share on a different server. If I want to add a WebDAV File which is entered in Form of: https://FQDN:...
embedded's user avatar
  • 476
1 vote
2 answers
2k views

How to add both CORS headers and Browser expired header in same conf

I need to add both expires headers AND allow cors in nginx If I add location ~* \.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf|x-html|css|xml|js|woff|woff2|ttf|svg|eot)$ { expires 30d;} then the ...
ChrisMatthewsNZ's user avatar