cravingcalc.netlify.app
Hi,
I am using GitHub - jon-sully/react-netlify-identity-gotrue: A pure React (hooks-based) API to Netlify Identity / GoTrue, fully implementing all auth workflows to implement identity login, @jonsully
I was developing on chrome with ntl dev and ran into this error out of nowhere:
Access to fetch at 'https://cravingcalc.netlify.app/.netlify/identity/token' from origin 'http://localhost:8888' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
netlify.toml
[functions]
directory = "functions"
[[headers]]
for = "/*"
[headers.values]
Access-Control-Allow-Origin = "*"
Any help is appreciated
Greetings @willb335 
So for starters, I wouldn’t recommend this:
[[headers]]
for = "/*"
[headers.values]
Access-Control-Allow-Origin = "*"
Since it opens up all of your site content to any other domain that wants to pull it. In addition, while it reads like it should help your situation, I don’t think those headers get applied to responses from GoTrue (Netlify Identity).
That said, do you have a custom domain attached to the site? GoTrue is actually supposed to clear localhost:8888 as a CORS-able domain but I’ve seen over the last couple years a few instances where this problem crops up when using the *.netlify.app domain (no idea why).
–
Jon
3 Likes
Hey Jon, thanks for the quick reply. I don’t have a custom domain attached to the site, but the site is now fetching the token fine, no idea what caused the change. 
I am using Access-Control-Allow-Origin = "https://developer.mozilla.org" as a test and it is behaving like a Access-Control-Allow-Origin = "*". I expected to get a cors error when calling my functions with this value, not sure if you can provide any insight(a bit off topic).
Anyways, thanks for the reply, seems to be working.
1 Like