Refuses to set Access-Control-Allow-Origin: * specified in netlify.toml

bjrn · August 25, 2020, 5:56am

Hi, I’ve added Access-Control-Allow-Origin = "*" to a few asset folders on our site (id: mdsite) but they simply refuses to get set. Other headers gets applied correctly, but no this one … the one for /fonts/* which I added a long time back, seems to work though. On a test netlify account pointing to another branch of the same repo, I also tried setting it in a _headers file, but no success with that either … the netlify.toml gets read correctly according to the build logs. Clear cache + build doesn’t help either. How can I fix this?

[[headers]]
  for = "/*"
  [headers.values]
    Referrer-Policy = "same-origin"
    X-Content-Type-Options = "nosniff"
    X-Frame-Options = "DENY"
    X-XSS-Protection = "1; mode=block"

[[headers]]
  for = "/data/*"
  [headers.values]
    Access-Control-Allow-Origin = "*"

[[headers]]
  for = "/fonts/*"
  [headers.values]
    Access-Control-Allow-Origin = "*"

fool · August 27, 2020, 6:13pm

Could you tell us the site in question so we can try to reproduce and understand the failing, please, @bjrn?

Topic		Replies	Views
Netlify.toml headers don't work, but _headers do Support headers	3	2255	June 13, 2020
CORS headers appearing in resource response Support cors	6	698	May 13, 2021
No 'Access-Control-Allow-Origin' header Support deployment	5	8542	September 18, 2023
NextJS build ignoring headers set in netlify.toml Support deployment , security	28	4499	February 1, 2024
Access-Control-Allow-Origin Policy Support authentication , cors	74	61789	March 5, 2024

Refuses to set Access-Control-Allow-Origin: * specified in netlify.toml

Related topics