Access to fetch at '....' has been blocked by CORS policy

jennifer · June 21, 2021, 5:58pm

This morning, we started receiving the error below on all of our graphql API requests:

Access to fetch at 'https://<registry name>.cdn.prismic.io/graphql?query=<query>' from origin 'http://localhost:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

The request headers:

authority: <registry name>.cdn.prismic.io
method: GET
path: /graphql?query=<query>
scheme: https
accept: /*
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
authorization: Token <token>
cache-control: no-cache
content-type: application/json
origin: http://localhost:3000
pragma: no-cache
prismic-ref: YLAdShAAACQAZQ2D
referer: http://localhost:3000/
sec-ch-ua: " Not;A Brand";v="99", "Google Chrome";v="91", "Chromium";v="91"
sec-ch-ua-mobile: ?0
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.106 Safari/537.36

The error result is the same for API requests made from our local dev environments, our staging server, and our production server. Please advise.

jennifer · June 21, 2021, 10:34pm

We figured out the problem. At some point, support for querying by uid for _allDocuments was removed. We weren't passing in any uid, but removing the unused query parameter solved the problem.

It would have been nice to have a more relevant error message, though.

system · June 23, 2021, 2:33pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.

Phil · June 23, 2021, 2:33pm

Hi Jennifer,

I agree that we could have better error messaging here and it's something that's in the teams backlog to improve.

I'm glad you figured this out though

jeremy2 · July 15, 2021, 10:25pm

This post has saved me. I spent most of the day on a wild goose chase over this same bogus CORS error message. In our case, the real problem was an incorrectly named parameter being supplied to our GraphQL query.

This misleading error message very much needs to be addressed.

Phil · July 19, 2021, 11:03am

Hi Jeremy,

Yes, I agree and see how that can be frustrating. We plan to improve the error messaging as part of the larger improvements that will happen to the GraphQL API.

If/when this happens we'll update you here.

Thanks.

Phil · July 21, 2021, 3:12pm

Threads close after a period of inactivity. Flag this thread to re-open it and continue the conversation.

Topic		Replies	Views
Access has been blocked by CORS policy Developing with Prismic graphql	4	3324	December 9, 2021
Access to fetch at <Fetching API URL> from origin 'http://localhost:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource Developing with Prismic graphql	3	2579	December 9, 2021
CORS Error using GraphQL endpoint Developing with Prismic	3	2952	March 31, 2023
GraphQL cors issue with fetch client side Developing with Prismic graphql	8	1137	December 9, 2021
Request header field prismic-ref is not allowed by Access-Control-Allow-Headers in preflight response Developing with Prismic graphql	43	7361	December 9, 2021

Access to fetch at '....' has been blocked by CORS policy

Related topics