Access to XMLHttpRequest from origin has been blocked by CORS policy
Published Apr 19 2023 09:45 AM 29.3K Views
Microsoft

Symptom 

Access to XMLHttpRequest from origin has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status" error.  

 

Access to XMLHttpRequest from origin has been blocked by CORS policy: Cannot parse Access-Control-Allow-Methods response header field in preflight response. 

 

Cause 

Invalid CORS header values are causing this problem. 

 

Resolution 

Please check network HAR traces in browser and verify what headers were sent in the request.
 
Confirm that the OPTIONS HTTP verb is not blocked in IIS -> Request Filtering -> HTTP Verbs tab. Please find below screenshots for your reference.
 
Scenario 1
 

1ae179f3-d509-4c66-a065-c8a434a1f27f.png

Scenario 2

 

1ae179f3-d509-4c66-a065-c8a434a1f27f.png
 
 
Please check the values of the headers in IIS and if customer is using any application gateway verify if they are modifying their values. If yes, then please check the below CORS header values. And verify they confirm with the spec.
 
CORS Header Name
Example
TRUE
Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers,Authorization 
Access-Control-Allow-Methods - HTTP | MDN (mozilla.org)
 
GET,POST,PUT,OPTIONS
*
Co-Authors
Version history
Last update:
‎Apr 19 2023 09:45 AM
Updated by: