Access-Control-Allow-Origin Policy

Hi there,

I am trying to access json resources deployed to a standard netlify site - but getting:

" No ‘Access-Control-Allow-Origin’ header is present on the requested resource" .

From the SPA when I make a request to the json file.

I am trying to formulate a _headers file to enable Cors - but having difficulty in getting this to work, and not sure this is in fact the correct approach.

I can see that the files are there as a standard browser request is retrieving them.

Any advice greatly appreciated!


Found the solution: this netlify.toml file will do the trick:

# The following redirect is intended for use with most SPAs that handle
# routing internally.
  from = "/*"
  to = "/index.html"
  status = 200

  # Define which paths this specific [[headers]] block will cover.
  for = "/*"
    Access-Control-Allow-Origin = "*"

great find and thanks so much for sharing it with us! Netlify’s tech support would have given you a very similar answer :slight_smile:

If you’re using _headers that would look like this instead:

  Access-Control-Allow-Origin: *

and the main gotcha is that that needs to be sitting next to index.html after your build completes, rather than in the root of your repo like netlify.toml

1 Like

Thank U so much!!!It bothered me for two days.
Ur solution works!:grimacing: