_headers file not working

This morning it seems like my _headers file was being ignored. It has been working for months, but this morning when I did a deploy (that didn’t include any change to _headers) it stopped working, and I got CSRF errors:

Access to script at https://angry-boyd-1669aa.netlify.app/webflow_search.js from origin ... has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

There were two deploys this morning that show the following:

No header rules processed
This deploy did not include any header rules.

CSRF stopped working after these deploys.

Deploys before this morning were showing:

* **1 header rule processed**
All header rules deployed without errors.

To get it working again I’ve had to add a netlify.toml file. Has something changed that mean _headers files are no longer working?

My _headers file:

  Access-Control-Allow-Origin: *

My netlify.toml file added this morning:

  # Define which paths this specific [[headers]] block will cover.
  for = "/*"
    Access-Control-Allow-Origin = "*"


Hey there, @mattnz :wave:

Thanks for reaching out and sharing this with us. I am not sure if something has changed with the headers file, but we are investigating. You can continue using the toml file right now and when we have more information we will follow up here.

Hi @mattnz

We’ve rolled out a fix for this issue, can you check if the error persists, please?

Let us know if this still happens!

Thanks, I’ve removed the toml file and yes just the _headers file seems to be working now.

Glad to hear that! If you need anything else let us know.