Home
Support Forums

No 'Access-Control-Allow-Origin' header

Preview site:

Console Error:
Access to script at 'https://d33wubrfki0l68.cloudfront.net/js/e903370b0096a53f43fcbbdb1fc939ac3b7667aa/build/p-4e79966c.js' from origin 'https://5ebc380acf386c0006d39065--core-ds-components.netlify.app' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

No build issues.

I searched around and tried adding this netlify.toml file to the root, with no changes unfortunately:

[[headers]]
for = "/*"
[headers.values]
Access-Control-Allow-Origin = "*"

Is this a cloudfront header issue? I’m at a loss on where to go for resolution…

Yup - that is saying that cloudfront doesn’t have your custom header which is true! I think you’re using asset optimization on the site, and that will clash with custom headers - we can’t set them on those resources. So, you could turn off that feature in your build and deploy settings and that would remove the problem.

1 Like

I’m experiencing the same error and I don’t quite understand the solution. Are you saying that we’re unable to use the asset optimization plugin at all currently?

I don’t know what plugin you refer to; I am talking about the not-a-build-plugin feature in your deploy settings page titled asset optimization:

image

This feature will NOT allow you to set custom headers on any assets optimized (which you cannot individually control), nor will it work with our large media service.

It is something you can implement yourself in a way that doesn’t clash with those services; there are dozens of html/css/js minifiers (for instance, many are described in these threads: https://stackoverflow.com/search?q=front-end+bundle+minify), which will do at least a good a job as our built-in facility, AND allow you much more control over which assets they bundle/minify, so that’s my recommendation if you need bundling/minification for today AND you require our custom headers or large media to work.

Ok yes, that’s what I wanted to know. I also experienced some CORS-related errors when switching on the asset optimization. I will use my own asset optimization pipeline then. Thanks fool!