Questions tagged [cors]
Cross-Origin Resource Sharing (CORS) is a specification that enables open access across domain-boundaries
142
questions
264
votes
8
answers
1.1m
views
How do I add Access-Control-Allow-Origin in NGINX?
How do I set the Access-Control-Allow-Origin header so I can use web-fonts from my subdomain on my main domain?
Notes:
You'll find examples of this and other headers for most HTTP servers in the ...
56
votes
8
answers
50k
views
Chrome S3 Cloudfront: No 'Access-Control-Allow-Origin' header on initial XHR request
I have a webpage (https://smartystreets.com/contact) that uses jQuery to load some SVG files from S3 through the CloudFront CDN.
In Chrome I will open an Incognito window as well as the console. Then ...
28
votes
4
answers
80k
views
Setting Access-Control-Allow-Origin on Cloudfront
I am having problems serving static assets to Firefox using AWS Cloudfront.
Chrome works perfect, but Firefox is returning a CORS error.
If I execute curl , I get:
HTTP/1.1 200 OK
Content-Type: ...
22
votes
3
answers
36k
views
How can I replace Access-Control-Allow-Origin header in proxy response with nginx
I am using a simple nginx instance to proxy REST calls to another server. The purpose of my proxy is to allow the use of cookies for authentication. I have it working, except for one problem. The ...
11
votes
1
answer
6k
views
nginx if statement inside location returns 404
The following block
location / {
if ($http_origin ~* (https?://[^/]*\.example\.com(:[0-9]+)?)) {
add_header 'Access-Control-Allow-Origin' "$http_origin";
}
try_files $uri $uri/ /...
10
votes
3
answers
24k
views
Disable authentication for HTTP OPTIONS method (preflight request) in Nginx
My problem is the exact same one as described here: Disable authentication for HTTP OPTIONS method (preflight request). I'm trying to use CORS and HTTP passwords at the same time. When the browser see ...
10
votes
2
answers
6k
views
OPTIONS request to CloudFront distribution with managed CORS-With-Preflight policy returns 403
I have a CloudFront distribution with a default behavior that is configured to allow any CORS request including preflight requests. However, the OPTIONS request will fail with an HTTP 403 error (...
9
votes
2
answers
12k
views
Apache Header Module Loaded but can't set headers in htaccess
I have Apache 2.2.29 (unix) setup and running on my new dev machine (mac). I am trying to set CORS headers for an API project - something that I have done many times.
The htaccess file for the ...
8
votes
1
answer
8k
views
Disable authentication for HTTP OPTIONS method (preflight request)
One recurring problem with CORS is that the spec prescribes request headers get stripped from the preflight request (HTTP OPTIONS). However if the server requires authentication, this means the ...
7
votes
1
answer
2k
views
304 with CORS on apache
I have an REST API that returns a 304 Not Modified status code for some request (that have If-Modified-Since header). The problem is that the apache2 software strips any CORS header prior to the ...
6
votes
1
answer
64k
views
nginx Access Control Origin Header is configured but doesn't work
I am getting a
XMLHttpRequest cannot load http://website2.com/ads/dev_642e92efb79421734881b53e1e1b18b6/5534f8e14d514_1.html. No 'Access-Control-Allow-Origin' header is present on the requested ...
6
votes
1
answer
56k
views
Nginx add headers and proxy_pass for CORS bypass
I want to make CORS site with API on proxy_pass server. But
location / {
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-...
6
votes
1
answer
2k
views
S3/Cloudfront CORS working on some files only
I'm really struggling to get Cloudfront and S3 to add Access-Control-Allow-Origin: * to the headers of video files stored on S3 (for inline video on iPhones - seems to be working everywhere else ...
5
votes
1
answer
2k
views
Is it impossible to have conditional headers in Nginx?
I am currently trying to only return a set of CORS headers conditionally using Nginx. At first it seemed like a simple task, as I already had this working config:
upstream api-app {
server unix:/tmp/...
5
votes
1
answer
4k
views
What AWS service to avoid CORS issues with S3 static content and aws backends
Introduction
I've got the following architecture deployed on Amazon AWS.
The goal is to expose a web application (single page application) acting as an entrypoint at https://app.acmecorp.com. This ...
5
votes
2
answers
7k
views
Disable HTTP Authentication for OPTIONS requests in Tomcat
I have an API protected by HTTP Basic Authentication.
When I want to make AJAX requests against the API, the browser send an OPTIONS request which doesn't carry the Authorization header so it gets ...
4
votes
0
answers
3k
views
Nginx, PM2, Node - No 'Access-Control-Allow- Origin' header
I have developed NodeJS server ran with express. I use PM2 to manage the application and then nginx to proxy requests to the application.
My Express application has CORS, CSP etc set up. But, the ...
4
votes
1
answer
7k
views
nginx - CORS configuration that allows files to be served to localhost?
Here is my current nginx configuration file:
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html ...
4
votes
0
answers
6k
views
Set CORS headers on nginx
Addresses like http://vpsxxx.ovh.net/g/search?q=ok or http://vpsxxx.ovh.net/so/questions/34738694/how-to-move-items-on-the-screen-for-a-game-using-javascript are proxied well, when trying them from ...
4
votes
2
answers
3k
views
CORS headers not added in Apache
I've been working on this issue for days. I'm a developer and my knowledge of these things is very limited, still there's no one available in this company to assist me with this issue. This really has ...
3
votes
1
answer
4k
views
Cannot set CORSEnabled and CORSTrustedOrigins properties on ADFS 2019
The Problem:
There are properties in ADFS 2019 that indicate that you can enable CORS Headers for the ADFS Login Page and set the allowed origins.
Get-AdfsProperties
CORSEnabled ...
3
votes
2
answers
2k
views
CORS error - Website is not reachable (ERR_FAILED), then redirects and works by itself
Error: I get "This site can't be reached ..." and then it automatically redirects and then the page works. Please see the screengrab GIF below.
This error happens in random unpredictable ...
3
votes
2
answers
2k
views
Nginx on ubuntu 12.04 keep refusing OPTIONS requests
I am trying do do cross domain Ajax calls inside an angular service in an ionic application tested in chrome.
I am trying to do a POST on my API and nginx keep refusing my OPTIONS.
XMLHttpRequest ...
3
votes
1
answer
2k
views
Disable authorisation on preflight OPTIONS request in HAProxy
We have a HAProxy setup which has basic auth on some of our backends. We now want to enable CORS requests to our backends but this is failing for those with basic auth enabled.
When CORS makes it ...
3
votes
1
answer
612
views
Amazon CloudFront CORS specific delay
I am experiencing a delay between the serving of CORS requests but direct requests are served fine. I am using this to distribute media streams via HTTP so it is very important to reduce the startup ...
3
votes
0
answers
3k
views
firefox throws CORS error but works fine in chrome
I have set the following in apache
RequestHeader edit "If-None-Match" '^"((.*)-(gzip|br))"$' '"$1", "$2"'
SetEnvIf Origin "^http(s)?:\/\/(.+\.)?(iac-dev-...
3
votes
0
answers
4k
views
.htaccess CORS headers not working
I've added the following at the top of my .htaccess file:
<IfModule mod_headers.c>
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Headers "...
3
votes
0
answers
735
views
Nginx allow cross origin requests in specific folder
How do I allow cross origin requests in only a specific folder or folders in Nginx?
In apache, I have an .htaccess file in the folder with the following content:
<FilesMatch "\.(json)$">
&...
3
votes
1
answer
3k
views
Nginx proxying Nodejs (Dokku). CORS response headers not passing through
I'm using Dokku to host my app at DigitalOcean. Dokku run nginx 1.6 to proxy Docker apps simulating a Heroku-like environment. The app's all share similar default configs like below.
My Node.js ...
2
votes
1
answer
7k
views
Multiple CORS origins. Should I use if statement? - NginX
I have set up an NginX in order to serve some static files from an instance.
The static files are to be used by 3 different domains that I own.
The NginX server is on its own (4th) domain. I want ...
2
votes
1
answer
12k
views
How to add Access-Control-Allow-Origin header in NGINX for one specific domain
I have problem with my nginx configuration. I want to add Access-Control-Allow-Origin header in nginx config, for one domain but for both http and https
I tried this configuration, but it doesn't work:...
2
votes
1
answer
12k
views
nginx CORS on proxy pass: Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource
I am moving my APIs from a subdomain to another without affecting already running applications. I have three servers configured on nginx such as:
Original API server:
server {
listen 80;
...
2
votes
1
answer
18k
views
How to enable CORS in Nginx
I have tried every tutorial on the internet and on serverfault regarding this. No matter what I do, CORS is not working in nginx
Here is my example.conf
server {
root /var/www/html;
...
2
votes
1
answer
2k
views
How to add CORS headers to several locations in nginx?
I have been able to add a basic CORS support to my nginx server using the code provided in enable-cors.org. However this solution implies to copy and paste that code in every location block, and I ...
2
votes
1
answer
2k
views
CloudFront drops Access-Control-Expose-Headers header when Accept-Encoding is set
I am trying to get CloudFront to serve a gzipped text file along with Content-Length: <bytes> and Access-Control-Expose-Headers: Content-Length headers so I can display the download progress ...
2
votes
1
answer
2k
views
Zimbra and cross-origin framing
Let's say that I have a Zimbra webmail accessible at https://mail.example.com. I also have a web app at https://app.example.com. On one of the app's pages I am trying to embed the webmail:
<iframe ...
2
votes
0
answers
1k
views
CloudFront CORS request using signed cookies and withCredentials, not sending back Access-Control-Allow-Credentials unless I include some extra header
I'm having a very strange issue that I can't seem to crack. I configured a private CloudFront distribution to serve content from a private S3 bucket. I am using signed cookies to grant access to the ...
2
votes
0
answers
757
views
CORS is not working NGINX + DJANGO + REACT application
Existing nginx configuration given bellow. I tried in multiple way but nothing is working.
server {
server_name backend.xxxxxx.com www.backend.xxxxxx.com;
client_max_body_size 100M;
#...
2
votes
1
answer
9k
views
Angular CORS with Nginx
Several questions for the same topic on the net but nothing worked.
I have a serverXYZ running an Angular app, a backend tomcat webapp for authentication, a nginx server. Angular app on port 4200, ...
2
votes
2
answers
10k
views
CORS blocked by No "Access-Control-Allow-Origin" on dockerized Angular frontend app and Spring Boot dockerized backend
I have built an Angular app and created a docker image, which makes it run on an Nginx server (once it is run). For the backend, I have a dockerized implementation as well. While trying to access the ...
2
votes
0
answers
1k
views
How can I set Access-Control-Allow-Origin for multiple domains in apache2?
I have created an app in React with its backend in Python Django. I hosted the React app in Heroku and the Django app in AWS (apache2). I have faced a problem with CORS.
I added the following ...
2
votes
0
answers
615
views
CORS not works on Nginx
I need my application work with backend API on other domain. I use nginx 1.12.1 on Ubuntu 16.04.
I added to my host config following (to the location ~ .php$ section):
add_header 'Access-Control-...
2
votes
1
answer
2k
views
htaccess conditional header set is ignoring the condition
I'm trying to set headers if the origin is a particular site to solve a resource conflict I'm having (using Mautic hosted on a subdomain).
If I add the headers for any situation I get a 500 error ...
2
votes
0
answers
6k
views
nginx: CORS headers are not added for OPTIONS request
Consider this minimal nginx server configuration
server: {
listen 80;
server_name myserver;
location / {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-...
2
votes
0
answers
2k
views
Apache 2 responding with 301 redirect on OPTIONS request
I'm trying to get my Angular 2 application running and everything is going relatively smoothly until I hit the API for some data.
Apache is responding with a 301 redirect when Angular's http module ...
2
votes
1
answer
2k
views
CORS header set correctly in CURL but does not get set in when loading the page from a browser
I have a website which uses font-awesome and I want to use cloudfront as the CDN(my website runs on apache). I have enabled cors in the conf file for this site.
Here is the conf file for my site:
&...
2
votes
0
answers
1k
views
Error: No 'Access-Control-Allow-Origin' header is present on the requested resource. (NGINX)
I am using NGINX and I am receiving that error in the browser's console.
I am so frustrated.
According to my boss, I need to set up cors which what I did and still I am getting the same error.
This ...
1
vote
1
answer
15k
views
IIS10 Cors Module Configuration to Allow Cors
I'm having an issue allowing CORS requests on IIS v10 with an 2016 windows azure server. I downloaded and installed the IIS Cors module that is supposed to help take care of this, but I can't seem to ...
1
vote
2
answers
3k
views
webDAV and CORS
I see some strange behavior on my webServer.
Trying to get keeWeb to accept a file from a webDAV share on a different server.
If I want to add a WebDAV File which is entered in Form of:
https://FQDN:...
1
vote
2
answers
2k
views
How to add both CORS headers and Browser expired header in same conf
I need to add both expires headers AND allow cors in nginx
If I add
location ~* \.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf|x-html|css|xml|js|woff|woff2|ttf|svg|eot)$ {
expires 30d;}
then the ...