1 min read

blocked by CORS policy

blocked by CORS policy
Photo by Markus Winkler / Unsplash

Client Side

Origin is automatically attached to every request to identify the origin of the call

Server Side

Header "Access-Control-Allow-Origin" and "Access-Control-Allow-Methods" is attached to every response so the browser can crosscheck if the response is valid.
For Example, for an Apache server

<IfModule mod_headers.c>
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "GET, POST, OPTIONS"
Header always set Access-Control-Allow-Headers "Content-Type, Authorization"
</IfModule>

Solve blocked by CORS policy

Server Internal Error can falsely trigger the CORS error in a JS API fetch. Server code may stop executing due to any interruption and proper headers are failed to inject. Which causes a false alarm. Fixing bugs in the server code will likely solve the issue.