Load script from URL: Access to XMLHttpRequest has been blocked by CORS policy

4 months ago
26 April 2024
2 replies
4 views

I am using OE Browser. I try to run Custom script from my server using “Load script from URL”. There is an error in the console of the browser:

“Access to XMLHttpRequest at <my server/script.js> from origin ‘https://apps.sentinel-hub.com’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.”

Script from my server is normally accessible via browser.

Quick google search finds one possible cause for that: security does not allow to run script from another domain than the one OE browser (or apps.sentinel-hub.com) is on.

So it seems it is not possible to use custom script from URL or it is limited to specific domains or certificates or something similar?

Page 1 / 1

Hi,

Can you be more specific please? Is this a new error for you, and is this error only occurring for a single custom script, or does this now happen for all your custom scripts?

Thanks

EDIT:

To add to this, in order for scripts being loaded from an external source to work, make sure:

the script is on a server that works with the https (url starts with https://<my-server>)

the response from the server also has to contain Access-Control-Allow-Origin header
- easy, generic solution: setting Access-Control-Allow-Origin: * on the server
- better: Access-Control-Allow-Origin: <origin> - how to set this to <origin> depends on what language + library/framework they use

Hi,

thanks for the tips in Edit, then I was able to figure it out.
Basically I had to add CORS on my Apache.
So adding

<IfModule mod_headers.c>
  Header set Access-Control-Allow-Origin "*"
</IfModule>

to .htaccess file solved the issue.
Source: enable cross-origin resource sharing

Reply

Sign up.

Login with Planet Account

Login to the Planet community

Login with Planet Account

Scanning file for viruses.

This file cannot be downloaded