Access to XMLHttpRequest from origin has been blocked by CORS policy

[Guest Sandeep_Goyal]

Symptom

 

Access to XMLHttpRequest from origin has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status" error.

 

 

 

Access to XMLHttpRequest from origin has been blocked by CORS policy: Cannot parse Access-Control-Allow-Methods response header field in preflight response.

 

 

 

Cause

 

Invalid CORS header values are causing this problem.

 

 

 

Resolution

 

Please check network HAR traces in browser and verify what headers were sent in the request.

 

Confirm that the OPTIONS HTTP verb is not blocked in IIS -> Request Filtering -> HTTP Verbs tab. Please find below screenshots for your reference.

 

Scenario 1

 

 

 

Scenario 2

 

 

 

 

 

Please check the values of the headers in IIS and if customer is using any application gateway verify if they are modifying their values. If yes, then please check the below CORS header values. And verify they confirm with the spec.

 

CORS Header Name	Example
Access-Control-Allow-Credentials - HTTP | MDN (mozilla.org)	TRUE
Access-Control-Allow-Headers - HTTP | MDN (mozilla.org)	Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers,Authorization
Access-Control-Allow-Methods - HTTP | MDN (mozilla.org)	GET,POST,PUT,OPTIONS
Access-Control-Allow-Origin - HTTP | MDN (mozilla.org)	*

 

Continue reading...