Reason: CORS header 'Access-Control-Allow-Origin' missing

Esta traducción está incompleta. Por favor, ayuda a traducir este artículo del inglés.


Razon: CORS header 'Access-Control-Allow-Origin' missing

What went wrong?

The response to the CORS request is missing the required Access-Control-Allow-Origin header, which is used to determine whether or not the resource can be accessed by content operating within the current origin.

Si el servidor esta bajo tu control, add the origin of the requesting site to the set of domains permitted access by adding it to the Access-Control-Allow-Origin header's value.

Por ejemplo, para permitir a un sitio como acceder al recurso usando CORS, la cabecera deberia ser:


You can also configure a site to allow any site to access it by using the "*" wildcard. You should only use this for public APIs. Private APIs should never use "*", and should instead have a specific domain or domains set. In addition, the wildcard only works for requests made with the crossorigin attribute set to "anonymous".

Access-Control-Allow-Origin: *

Warning: Using the wildcard to allow all sites to access a private API is a bad idea for what should be obvious reasons.


For example, in Apache, add a line such as the following to the server's configuration (within the appropriate <Directory>, <Location>, <Files>, or <VirtualHost> section). The configuration is typically found in a .conf file (httpd.conf and apache.conf are common names for these), or in an .htaccess file.

Header set Access-Control-Allow-Origin 'origin-list'

Para Nginx, tel comando para configurar esta cabecera es:

add_header 'Access-Control-Allow-Origin' 'origin-list"


Vea tambien

Etiquetas y colaboradores del documento

Colaboradores en esta página: rewin23
Última actualización por: rewin23,