Reason: CORS header 'Access-Control-Allow-Origin' does not match 'xyz'

Our volunteers haven't translated this article into ไทย yet. Join us and help get the job done!
You can also read the article in English (US).


Reason: CORS header 'Access-Control-Allow-Origin' does not match 'xyz'

What went wrong?

Simply put, the origin making the request does not match any of the origins permitted by the  Access-Control-Allow-Origin header.

This error can also occur if the response includes more than one Access-Control-Allow-Origin header.

If the service your code is accessing using a CORS request is under your control, make sure that it's configured to include your origin in its Access-Control-Allow-Origin header, and that only one such header is included in responses. The header itself accepts a comma-delineated list of origins, so adding a new origin is not difficult.

For example, in Apache, add a line such as the following to the server's configuration (within the appropriate <Directory>, <Location>, <Files>, or <VirtualHost> section). The configuration is typically found in a .conf file (httpd.conf and apache.conf are common names for these), or in an .htaccess file.

Header set Access-Control-Allow-Origin 'origin-list'

For Nginx, the command to set up this header is:

add_header 'Access-Control-Allow-Origin' 'origin-list'

See also

Document Tags and Contributors

ผู้มีส่วนร่วมกับหน้านี้: mdnwebdocs-bot, Cyllos42, sideshowbarker, Llamaless, Sheppy
อัปเดตล่าสุดโดย: mdnwebdocs-bot,