IIS Support Blog
Access to XMLHttpRequest from origin has been blocked by CORS policy

Sandeep_Goyal, Microsoft
Apr 19, 2023

Symptom 

"Access to XMLHttpRequest from origin has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status" error.

 

Access to XMLHttpRequest from origin has been blocked by CORS policy: Cannot parse Access-Control-Allow-Methods response header field in preflight response. 

 

Cause 

Invalid CORS header values are causing this problem. 

 

Resolution 

Check the network HAR trace in the browser and verify which headers were sent in the request.
 
Confirm that the OPTIONS HTTP verb is not blocked in IIS -> Request Filtering -> HTTP Verbs tab. Please find below screenshots for your reference.
 
[Screenshot: Scenario 1]

[Screenshot: Scenario 2]

Check the values of the headers in IIS and, if the customer is using an application gateway, verify whether it modifies those values. If it does, check the CORS header values below and verify that they conform to the spec.
 
CORS Header Name
Example
TRUE
Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers,Authorization 
Access-Control-Allow-Methods - HTTP | MDN (mozilla.org)
 
GET,POST,PUT,OPTIONS
*
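
The checks described above can be run over an exported HAR trace. The following is an added example, not code from the original post: it flags OPTIONS preflights with a non-OK status, unparsable Access-Control-Allow-Methods or Access-Control-Allow-Headers values, and a wildcard origin combined with credentials. The function names, URLs and sample trace are assumptions constructed for illustration.

```python
import re

# RFC 9110 "token": the only characters allowed in a method or header name.
TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")

def list_is_valid(value):
    """True if value is a comma-separated list of HTTP tokens ("*" included)."""
    return all(TOKEN.match(i) for i in (p.strip() for p in value.split(",")) if i)

def check_preflights(har):
    """Return (url, problem) pairs for each OPTIONS entry in a parsed HAR."""
    findings = []
    for entry in har["log"]["entries"]:
        req, resp = entry["request"], entry["response"]
        if req["method"].upper() != "OPTIONS":
            continue
        hdrs = {h["name"].lower(): h["value"] for h in resp["headers"]}
        if not 200 <= resp["status"] <= 299:
            findings.append((req["url"], f"status {resp['status']} is not an OK status"))
        for name in ("access-control-allow-methods", "access-control-allow-headers"):
            if name in hdrs and not list_is_valid(hdrs[name]):
                findings.append((req["url"], f"cannot parse {name}: {hdrs[name]!r}"))
        if (hdrs.get("access-control-allow-origin") == "*"
                and hdrs.get("access-control-allow-credentials") == "true"):
            findings.append((req["url"], "wildcard origin fails for credentialed requests"))
    return findings

def _entry(method, url, status, headers):
    """Build one HAR entry with only the fields the checker reads."""
    return {"request": {"method": method, "url": url},
            "response": {"status": status,
                         "headers": [{"name": n, "value": v} for n, v in headers.items()]}}

# Constructed sample trace (hypothetical URLs), shaped like a browser HAR export.
SAMPLE_HAR = {"log": {"entries": [
    _entry("OPTIONS", "https://api.example.test/a", 404, {}),
    _entry("OPTIONS", "https://api.example.test/b", 200,
           {"Access-Control-Allow-Methods": "GET; POST; PUT"}),
    _entry("OPTIONS", "https://api.example.test/c", 200,
           {"Access-Control-Allow-Methods": "GET,POST,PUT,OPTIONS",
            "Access-Control-Allow-Origin": "*"}),
    _entry("GET", "https://api.example.test/c", 500, {}),
]}}

if __name__ == "__main__":
    for url, problem in check_preflights(SAMPLE_HAR):
        print(url, "->", problem)
```

For a real trace, load the browser's exported file with `json.load` and pass the result to `check_preflights`.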
Published Apr 19, 2023
Version 1.0