Has Been Blocked By CORS Policy
I have been noticing an issue when using my work computer to access some websites, mainly ones with embedded maps like Open Street Maps or Bing (does not seem to affect Google Maps). My colleagues notice the same. Oftentimes, these maps will not load the basemap at all (but they do load the overlaid data from the website that has them embedded), or it will show pink tiles. I noticed that the requests fail with the following message:
'http://a.tile.openstreetmap.org' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://mncors2.dot.state.mn.us' is therefore not allowed access.
In Chrome, using the extension Allow-Control-Allow-Origin: * fixes the issue, as does using HTTPS if the website has it enabled.
The issue happens in late versions of Chrome, Firefox, and Edge. The issue doesn't happen in Internet Explorer.
Further, this only happens when using the work network. When I try it on my phone over the work Wi-Fi, the issue happens; with Wi-Fi off, the maps load fine.
Is this something that our work firewall could be causing?
If so, what would I need to tell our IT people to fix this?
Can it be fixed without affecting security?
We use a lot of mapping sites here, some that we pay for, and this is a serious productivity issue for some folks.
1 Answer
Is this something that our work firewall could be causing?
Yes, it’s not letting all HTTP headers through. It probably has a whitelist of allowed headers and its configuration is very outdated. CORS is relatively new.
If so, what would I need to tell our IT people to fix this? Can it be fixed without affecting security?
They need to update their proxy configuration (or more precisely: the list of allowed HTTP headers). Or just remove those ridiculous limitations completely. This doesn’t affect security anyway.
Daniel B
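One way to check the diagnosis in the answer above before going to IT, as an added example that is not part of the original question or answer: capture the response headers for the same tile request once on the work network and once off it (for instance with `curl -sI -H "Origin: ..."`), then diff them. The two captures, the proxy hostname and the function names below are constructed for illustration.

```javascript
// Added example: compare response headers captured on and off the filtered network.
// Both captures below are constructed sample data, not real server output.
const DIRECT = [
  "HTTP/1.1 200 OK",
  "Content-Type: image/png",
  "Access-Control-Allow-Origin: *",
  "Cache-Control: max-age=604800",
].join("\r\n");

const VIA_PROXY = [
  "HTTP/1.1 200 OK",
  "Content-Type: image/png",
  "Cache-Control: max-age=604800",
  "Via: 1.1 proxy.example.internal", // hypothetical proxy name
].join("\r\n");

// Parse a raw response head into a Map of lowercased header name -> value.
function parseHeaders(head) {
  const headers = new Map();
  for (const line of head.split(/\r?\n/).slice(1)) { // skip the status line
    const i = line.indexOf(":");
    if (i <= 0) continue; // blank or malformed line
    const name = line.slice(0, i).trim().toLowerCase();
    const value = line.slice(i + 1).trim();
    // Repeated headers are joined; a doubled ACAO value then fails the check below.
    headers.set(name, headers.has(name) ? headers.get(name) + ", " + value : value);
  }
  return headers;
}

// Non-credentialed CORS check: the header must be "*" or exactly the page's origin.
function corsAllows(headers, origin) {
  const acao = headers.get("access-control-allow-origin");
  return acao === "*" || acao === origin;
}

// Report whether each capture would pass CORS and which headers changed in transit.
function diagnose(directHead, proxiedHead, origin) {
  const direct = parseHeaders(directHead);
  const proxied = parseHeaders(proxiedHead);
  return {
    allowedDirect: corsAllows(direct, origin),
    allowedViaProxy: corsAllows(proxied, origin),
    stripped: [...direct.keys()].filter((n) => !proxied.has(n)),
    added: [...proxied.keys()].filter((n) => !direct.has(n)),
  };
}

console.log(diagnose(DIRECT, VIA_PROXY, "http://mncors2.dot.state.mn.us"));
```

The `stripped` list is what to hand to whoever maintains the proxy's allowed-header list.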