CORS errors - HTTP | MDN
Identifying a CORS issue
To understand the underlying issue with the CORS configuration, you need to find out which request is at fault and why. These steps may help you do so:
- Navigate to the website or web app in question and open the Developer Tools.
- Now try to reproduce the failing transaction and check the console if you are seeing a CORS violation error message. It will probably look like this:

The text of the error message will be something similar to the following:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://some-url-here. (Reason: additional information here).
Note: For security reasons, specifics about what went wrong with a CORS request are not available to JavaScript code. All the code knows is that an error occurred. The only way to determine what specifically went wrong is to look at the browser's console for details.
CORS error messages
Firefox's console displays messages in its console when requests fail due to CORS. Part of the error text is a "reason" message that provides added insight into what went wrong. The reason messages are listed below; click the message to open an article explaining the error in more detail and offering possible solutions.
- Reason: CORS disabled
- Reason: CORS request did not succeed
- Reason: CORS header 'Origin' cannot be added
- Reason: CORS request external redirect not allowed
- Reason: CORS request not http
- Reason: CORS header 'Access-Control-Allow-Origin' missing
- Reason: CORS header 'Access-Control-Allow-Origin' does not match 'xyz'
- Reason: Credential is not supported if the CORS header 'Access-Control-Allow-Origin' is '*'
- Reason: Did not find method in CORS header 'Access-Control-Allow-Methods'
- Reason: expected 'true' in CORS header 'Access-Control-Allow-Credentials'
- Reason: CORS preflight channel did not succeed
- Reason: invalid token 'xyz' in CORS header 'Access-Control-Allow-Methods'
- Reason: invalid token 'xyz' in CORS header 'Access-Control-Allow-Headers'
- Reason: missing token 'xyz' in CORS header 'Access-Control-Allow-Headers' from CORS preflight channel
- Reason: Multiple CORS header 'Access-Control-Allow-Origin' not allowed