Published
Apr 19 2023 09:45 AM
26.5K
Views
Symptom
Access to XMLHttpRequest from origin has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status" error.
Access to XMLHttpRequest from origin has been blocked by CORS policy: Cannot parse Access-Control-Allow-Methods response header field in preflight response.
Cause
Invalid CORS header values are causing this problem.
Resolution
Please check network HAR traces in browser and verify what headers were sent in the request.
Confirm that the OPTIONS HTTP verb is not blocked in IIS -> Request Filtering -> HTTP Verbs tab. Please find below screenshots for your reference.
Scenario 1
Scenario 2
Please check the values of the headers in IIS and if customer is using any application gateway verify if they are modifying their values. If yes, then please check the below CORS header values. And verify they confirm with the spec.
|
CORS Header Name
|
Example
|
|
TRUE
|
|
|
Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers,Authorization
|
|
| Access-Control-Allow-Methods - HTTP | MDN (mozilla.org)
|
GET,POST,PUT,OPTIONS
|
|
*
|