Access to fetch at '....' has been blocked by CORS policy

This morning, we started receiving the error below on all of our graphql API requests:

Access to fetch at 'https://<registry name>.cdn.prismic.io/graphql?query=<query>' from origin 'http://localhost:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

The request headers:

authority: <registry name>.cdn.prismic.io
method: GET
path: /graphql?query=<query>
scheme: https
accept: /*
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
authorization: Token <token>
cache-control: no-cache
content-type: application/json
origin: http://localhost:3000
pragma: no-cache
prismic-ref: YLAdShAAACQAZQ2D
referer: http://localhost:3000/
sec-ch-ua: " Not;A Brand";v="99", "Google Chrome";v="91", "Chromium";v="91"
sec-ch-ua-mobile: ?0
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.106 Safari/537.36

The error result is the same for API requests made from our local dev environments, our staging server, and our production server. Please advise.

We figured out the problem. At some point, support for querying by uid for _allDocuments was removed. We weren't passing in any uid, but removing the unused query parameter solved the problem.

It would have been nice to have a more relevant error message, though.

1 Like

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.

Hi Jennifer,

I agree that we could have better error messaging here and it's something that's in the teams backlog to improve.

I'm glad you figured this out though :slight_smile:

This post has saved me. I spent most of the day on a wild goose chase over this same bogus CORS error message. In our case, the real problem was an incorrectly named parameter being supplied to our GraphQL query.

This misleading error message very much needs to be addressed.

Hi Jeremy,

Yes, I agree and see how that can be frustrating. We plan to improve the error messaging as part of the larger improvements that will happen to the GraphQL API.

If/when this happens we'll update you here.

Thanks.