Load script from URL: Access to XMLHttpRequest has been blocked by CORS policy

mohito · September 4, 2022, 8:05pm

I am using OE Browser. I try to run Custom script from my server using “Load script from URL”. There is an error in the console of the browser:
“Access to XMLHttpRequest at <my server/script.js> from origin ‘https://apps.sentinel-hub.com’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.”
Script from my server is normally accessible via browser.

Quick google search finds one possible cause for that: security does not allow to run script from another domain than the one OE browser (or apps.sentinel-hub.com) is on.

So it seems it is not possible to use custom script from URL or it is limited to specific domains or certificates or something similar?

william.ray · September 5, 2022, 7:28am

Hi,

Can you be more specific please? Is this a new error for you, and is this error only occurring for a single custom script, or does this now happen for all your custom scripts?

Thanks

EDIT:

To add to this, in order for scripts being loaded from an external source to work, make sure:

the script is on a server that works with the https (url starts with https://<my-server>)
the response from the server also has to contain Access-Control-Allow-Origin header
- easy, generic solution: setting Access-Control-Allow-Origin: * on the server
- better: Access-Control-Allow-Origin: <origin> - how to set this to <origin> depends on what language + library/framework they use

mohito · September 5, 2022, 7:23pm

Hi William,

thanks for the tips in Edit, then I was able to figure it out.
Basically I had to add CORS on my Apache.
So adding

<IfModule mod_headers.c>
  Header set Access-Control-Allow-Origin "*"
</IfModule>

to .htaccess file solved the issue.
Source: enable cross-origin resource sharing

system · November 4, 2022, 7:23pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.