Hey all, over the last day or so, Netlify Large Media started blocking my localhost via CORS policy when trying to view a page in the Netlify CMS admin. Getting this error:
Access to fetch at 'https://mixmax.com/.netlify/large-media/origin/xxxxx?nf_resize=fit&w=560&h=320'
from origin 'http://localhost:8084' has been blocked by CORS policy: No 'Access-Control-Allow-Origin'
header is present on the requested resource. If an opaque response serves your needs, set the
request's mode to 'no-cors' to fetch the resource with CORS disabled.
Obviously the ID after origin/ are different than above, but wanted to leave that out in case of security issues. I haven’t changed any headers in my site over the last few months. I do have dependabot auto-merging patch updates of packages, but major version changes DO NOT get auto-merged and no major version changes have been merged recently (over the last few weeks).
I’ve been searching all day for a solution, but can’t seem to come to one. One thing that has changed in the last day is we stopped a split-test we’d been running for the past few months and are now back on our master branch only.
Hmm I’ve been using localhost successfully for the past couple months after installing Netlify Large Media, did something change recently that I need to be on HTTPS?
Hi @bobeartow, can you share the network traffic for that request and possibly the pre-flight OPTIONS request.
Running curl -XOPTIONS -i -H "Origin: http://localhost:8084" -H "Authorization: Bearer notoken" https://mixmax.com/.netlify/large-media returns:
Hi @bobeartow, sorry for not being clear enough. I was referring to the browser traffic visible under the network tab when you open the Developer Tools. When you refresh the page you should see some requests go out to https://mixmax.com/.netlify/large-media, specifically OPTIONS requests which the browser uses to get the CORS headers from the server.
It actually looks like everything is back in working order somehow. Not sure if there was an outage last Friday, or if it had to do with something else on our end, but everything seems to be working properly. I’ll keep dinging on what might have changed on our end, and report back if I hear anything.