This morning it seems like my
_headers file was being ignored. It has been working for months, but this morning when I did a deploy (that didn’t include any change to _headers) it stopped working, and I got CSRF errors:
Access to script at https://angry-boyd-1669aa.netlify.app/webflow_search.js from origin ... has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
There were two deploys this morning that show the following:
No header rules processed This deploy did not include any header rules.
CSRF stopped working after these deploys.
Deploys before this morning were showing:
* **1 header rule processed** All header rules deployed without errors.
To get it working again I’ve had to add a netlify.toml file. Has something changed that mean _headers files are no longer working?
My _headers file:
/* Access-Control-Allow-Origin: *
My netlify.toml file added this morning:
[[headers]] # Define which paths this specific [[headers]] block will cover. for = "/*" [headers.values] Access-Control-Allow-Origin = "*"