Load script from URL: Access to XMLHttpRequest has been blocked by CORS policy

I am using OE Browser. I try to run Custom script from my server using “Load script from URL”. There is an error in the console of the browser:
“Access to XMLHttpRequest at <my server/script.js> from origin ‘https://apps.sentinel-hub.com’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.”
Script from my server is normally accessible via browser.

Quick google search finds one possible cause for that: security does not allow to run script from another domain than the one OE browser (or apps.sentinel-hub.com) is on.

So it seems it is not possible to use custom script from URL or it is limited to specific domains or certificates or something similar?

Hi,

Can you be more specific please? Is this a new error for you, and is this error only occurring for a single custom script, or does this now happen for all your custom scripts?

Thanks

EDIT:

To add to this, in order for scripts being loaded from an external source to work, make sure:

  • the script is on a server that works with the https (url starts with https://<my-server>)
  • the response from the server also has to contain Access-Control-Allow-Origin header
    • easy, generic solution: setting Access-Control-Allow-Origin: * on the server
    • better: Access-Control-Allow-Origin: <origin> - how to set this to <origin> depends on what language + library/framework they use

Hi William,

thanks for the tips in Edit, then I was able to figure it out.
Basically I had to add CORS on my Apache.
So adding

<IfModule mod_headers.c>
  Header set Access-Control-Allow-Origin "*"
</IfModule>

to .htaccess file solved the issue.
Source: enable cross-origin resource sharing