Reason: CORS header 'Access-Control-Allow-Origin' does not match 'xyz'
Simply put, the origin making the request does not match any of the origins permitted by the
This error can also occur if the response includes more than one
If the service your code is accessing using a CORS request is under your control, make sure that it's configured to include your origin in its
Access-Control-Allow-Origin header, and that only one such header is included in responses. The header itself accepts a comma-delineated list of origins, so adding a new origin is not difficult.
For example, in Apache, add a line such as the following to the server's configuration (within the appropriate
<VirtualHost> section). The configuration is typically found in a
.conf file (
apache.conf are common names for these), or in an
Header set Access-Control-Allow-Origin 'origin-list'
For Nginx, the command to set up this header is:
add_header 'Access-Control-Allow-Origin' 'origin-list'
© 2005–2020 Mozilla and individual contributors.
Licensed under the Creative Commons Attribution-ShareAlike License v2.5 or later.