CORS error with netlify identity

I copied and pasted the react netlify example from the docs, and when I try and paste my url in, it says "Failed to load settings from "

Console error:
Access to fetch at 'https://<my-site>' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

I’ve noticed a number of people mentioning netlify-cms, I don’t even know what that is. Also not using a git-gateway.

I have no idea why it’d be doing this, it’s worked for another react project in the past.

You’re getting that error because your local server has a domain of ‘localhost’, which doesn’t match Have you tried deploying your code and see if you still get that error?

It is actually a bug on Netlify CMS end.

Try using localhost:8888 and it will work. In my case, /.netlify/git/settings was only allowing http://localhost:8888 while /.netlify/identity/settings was allowing any host * (so one of the two worked with port 3000 as well).

LE: it actually appears when the API call times out. Couldn’t fix it with re-linking Git Gateway, yet. (when trying to access it directly at For my other apps, it works fine.

LLE: works now (regardless of localhost and port number), took some time, uninstall/reinstalled Netlify Github App, relinked the repo, re-enabled the Identity Git Gateway.

Thanks @jozsi for reporting the issue and the solution. When working with the CMS locally with identity and git gateway, it should ask for your site URL and store it in local storage, so it knows how to connect to those services. When working with the live site it just uses the current domain. I’ve seen recent cases where it takes some time for git gateway to initialize, but it didn’t result in CORS errors so thank you for informing us. Regardless both git gateway and identity should allow any host (either by mirroring the origin or by sending a *)

1 Like

Dear @erez, it’s a pleasure to observe the development of the CMS on GitHub.

I’ve had the site URL set. So basically when the Git gateway was timing out (it was not yet initialized; didn’t get any response for minutes, unlike the Timeout error that happens in some scenaries like when a token re-issue is requested), the CORS prelight request responded instantly without the allowance of * hosts. Unfortunately I didn’t save the response headers and can’t reproduce anymore.

1 Like

That sounds unusual @jozsi. Glad things are working for you now. If you follow @erez’s steps, things should work without issue. If you are able to reproduce the issue again, please do let us know.

1 Like