Reason: CORS request not HTTP

Jump to:

Reason
What went wrong?
See also

Reason

Reason: CORS request not HTTP

What went wrong?

CORS requests may only use the HTTPS URL scheme, but the URL specified by the request is of a different type. This often occurs if the URL specifies a local file, using a file:/// URL.

To fix this problem, simply make sure you use HTTPS URLs when issuing requests involving CORS.

Document Tags and Contributors

Tags:

console
CORS
CORSRequestNotHttp
Cross-Origin
Error
HTTP
HTTPS
Messages
Reasons
Security
troubleshooting

Contributors to this page: Sheppy

Last updated by: Sheppy, Jul 24, 2018, 2:04:45 PM

Related Topics

HTTP
Guides:
Resources and URIs
1. Identifying resources on the Web
2. Data URIs
3. Introduction to MIME Types
4. Complete list of MIME Types
5. Choosing between www and non-www URLs
HTTP guide
1. Basics of HTTP
2. Overview of HTTP
3. Evolution of HTTP
4. HTTP Messages
5. A typical HTTP session
6. Connection management in HTTP/1.x
7. Protocol upgrade mechanism
HTTP security
1. Content Security Policy (CSP)
2. HTTP Public Key Pinning (HPKP)
3. HTTP Strict Transport Security (HSTS)
4. Cookie security
5. X-Content-Type-Options
6. X-Frame-Options
7. X-XSS-Protection
8. Mozilla web security guidelines
9. Mozilla Observatory
HTTP access control (CORS)
HTTP authentication
HTTP caching
HTTP compression
HTTP conditional requests
HTTP content negotiation
HTTP cookies
HTTP range requests
HTTP redirects
HTTP specifications
References:
HTTP headers
1. Accept
2. Accept-Charset
3. Accept-Encoding
4. Accept-Language
5. Accept-Ranges
6. Access-Control-Allow-Credentials
7. Access-Control-Allow-Headers
8. Access-Control-Allow-Methods
9. Access-Control-Allow-Origin
10. Access-Control-Expose-Headers
11. Access-Control-Max-Age
12. Access-Control-Request-Headers
13. Access-Control-Request-Method
14. Age
15. Allow
16. Authorization
17. Cache-Control
18. Clear-Site-Data
19. Connection
20. Content-Disposition
21. Content-Encoding
22. Content-Language
23. Content-Length
24. Content-Location
25. Content-Range
26. Content-Security-Policy
27. Content-Security-Policy-Report-Only
28. Content-Type
29. Cookie
30. Cookie2
31. DNT
32. Date
33. ETag
34. Expect
35. Expect-CT
36. Expires
37. Forwarded
38. From
39. Host
40. If-Match
41. If-Modified-Since
42. If-None-Match
43. If-Range
44. If-Unmodified-Since
45. Keep-Alive
46. Large-Allocation
47. Last-Modified
48. Location
49. Origin
50. Pragma
51. Proxy-Authenticate
52. Proxy-Authorization
53. Public-Key-Pins
54. Public-Key-Pins-Report-Only
55. Range
56. Referer
57. Referrer-Policy
58. Retry-After
59. Sec-WebSocket-Accept
60. Server
61. Server-Timing
62. Set-Cookie
63. Set-Cookie2
64. SourceMap
65. Strict-Transport-Security
66. TE
67. Timing-Allow-Origin
68. Tk
69. Trailer
70. Transfer-Encoding
71. Upgrade-Insecure-Requests
72. User-Agent
73. Vary
74. Via
75. WWW-Authenticate
76. Warning
77. X-Content-Type-Options
78. X-DNS-Prefetch-Control
79. X-Forwarded-For
80. X-Forwarded-Host
81. X-Forwarded-Proto
82. X-Frame-Options
83. X-XSS-Protection
HTTP request methods
1. CONNECT
2. DELETE
3. GET
4. HEAD
5. OPTIONS
6. PATCH
7. POST
8. PUT
9. TRACE
HTTP response status codes
1. 100 Continue
2. 101 Switching Protocols
3. 200 OK
4. 201 Created
5. 202 Accepted
6. 203 Non-Authoritative Information
7. 204 No Content
8. 205 Reset Content
9. 206 Partial Content
10. 300 Multiple Choices
11. 301 Moved Permanently
12. 302 Found
13. 303 See Other
14. 304 Not Modified
15. 307 Temporary Redirect
16. 308 Permanent Redirect
17. 400 Bad Request
18. 401 Unauthorized
19. 403 Forbidden
20. 404 Not Found
21. 405 Method Not Allowed
22. 406 Not Acceptable
23. 407 Proxy Authentication Required
24. 408 Request Timeout
25. 409 Conflict
26. 410 Gone
27. 411 Length Required
28. 412 Precondition Failed
29. 413 Payload Too Large
30. 414 URI Too Long
31. 415 Unsupported Media Type
32. 416 Range Not Satisfiable
33. 417 Expectation Failed
34. 418 I'm a teapot
35. 422 Unprocessable Entity
36. 426 Upgrade Required
37. 428 Precondition Required
38. 429 Too Many Requests
39. 431 Request Header Fields Too Large
40. 451 Unavailable For Legal Reasons
41. 500 Internal Server Error
42. 501 Not Implemented
43. 502 Bad Gateway
44. 503 Service Unavailable
45. 504 Gateway Timeout
46. 505 HTTP Version Not Supported
47. 511 Network Authentication Required
CSP directives
1. CSP: base-uri
2. CSP: block-all-mixed-content
3. CSP: child-src
4. CSP: connect-src
5. CSP: default-src
6. CSP: font-src
7. CSP: form-action
8. CSP: frame-ancestors
9. CSP: frame-src
10. CSP: img-src
11. CSP: manifest-src
12. CSP: media-src
13. CSP: object-src
14. CSP: plugin-types
15. CSP: referrer
16. CSP: report-uri
17. CSP: require-sri-for
18. CSP: sandbox
19. CSP: script-src
20. CSP: style-src
21. CSP: upgrade-insecure-requests
22. CSP: worker-src
23. report-to

Reason: CORS request not HTTP

Reason

What went wrong?

See also

Document Tags and Contributors

Learn the best of web development

Thanks! Please check your inbox to confirm your subscription.