Updates and Announcements

Release Notes

Announcements

User Tutorial

Product Introduction

Product Overview

Strengths

Use Cases

Term

Use Limits

CDN Performance Descriptions (Spot-check)

Purchase Guide

CDN Purchase Guide

ECDN Purchase Guide

Getting Started

Configuring CDN from Scratch

Adding Domain Names

CNAME Configuration

Domain Name Ownership Verification

FAQs about Domain Name Connection

Configuration Guide

Domain Management

Domain Name Configurations

Statistical Analysis

Purge and Prefetch

Log Management

EdgeOne

Service Query

Offline Cache

Permission Management

Permission Configuration

Console Permissions

Activate Real-time Logging as Sub-account/Collaborator

Use Cases

Accelerating Resources on COS with CDN

Practical Tutorial

Guide to Using the EdgeOne Tool for Migrating Content Delivery Network (CDN) Related Services

CDN - CVM

CDN - COS

Configuring CNAME via DNSPod

Regularly Storing CDN Logs

API Documentation

History

Introduction

API Category

Content Management APIs

Real-time Log APIs

Service Query APIs

Data Query APIs

Making API Requests

Log Query APIs

StopCdnDomain

Configuration Management APIs

Obsoleted APIs

Other APIs

Data Types

Error Codes

FAQ

Features

Billing

FAQs about Domain Name Connection

Cache Configuration FAQs

Purge and Prefetch

Statistical Analysis

FAQs about HTTPS

Connection

Errors

Troubleshooting Methods

Status Codes and Solutions

Node Cache Inconsistency

Slow Access Speed After CDN Activation

Low Traffic Hit Rate

404 Status Code

Page Display - CORS error

Resource Cache Failure

Service Level Agreement

Glossary

Page Display - CORS error

PDF

Focus Mode

Font Size

Last updated: 2025-08-20 10:15:35

Error Description
A CORS error is reported, which results in page error or exceptional page display. See the figure below:
﻿
﻿
﻿
Possible Reasons
CORS error are caused by the same-origin policy of the browser. For the webpage security, when the response for this request will be blocked by the browser, which will result in frontend error or exceptional page display. When the protocol, domain name or port of the request URL is different with that of the URL of requested page, the request is considered a cross-site request.
Solutions
1. Check whether the issue is caused by cross-site request. See the figure below:
﻿
﻿
2. Configure corresponding HTTP response header in CDN console and define domains allowed to access this resource.
Troubleshooting Procedure
1. Log in to CDN console, go to Domain Name Management - Advanced Configuration - HTTP Response Header, complete the setting of Access-Control-Allow-Origin parameter as below to allow cross-site requests from all domains. For more information, see Access-Control-Allow-Origin match mode description.
2. You can also configure to allow cross-region requests from a single or multiple specified domain names/IPs.
3. You can also configure header parameters such as Access-Control-Request-Method, Access-Control-Request-Headers, and Access-Control-Max-Age to specify the allowed request methods and headers and how long the results of a preflight request can be cached. For more information, see List of Supported Parameters.
Note: 
 If you have configured cross-region access on the COS bucket, please configure cross-region rules in HTTP Response Header in the CDN console.
﻿
List of Supported Parameters
Header Parameter
Description
Access-Control-Allow-Origin
Specifies which origins are allowed to access the resource. For requests from the allowed origins, the host is added to the request header. You can also configure it to * to allow requests from all origins. For more information, see Access-Control-Allow-Origin match mode description.
Access-Control-Allow-Methods
Indicates the HTTP methods allowed for cross-origin requests. You can configure one or more methods, as shown below: Access-Control-Allow-Methods: POST, GET, OPTIONS.
Access-Control-Max-Age
Specifies the validity period (in seconds) of a preflight request. For a non-simple cross-origin request, an HTTP query request, namely the preflight request, is needed before the official communication to check whether the cross-origin request is secure to be accepted. A cross-origin request is non-simple if it is: not a GET, HEAD, or POST request, or it is a POST request but its request data type is application/xml, text/xml or any other data type except application/x-www-form-urlencoded, multipart/form-data, and text/plain. For example, if a custom request header is Access-Control-Max-Age:1728000, there will not be another preflight request sent for this CORS within 1,728,000 seconds (20 days).
Access-Control-Expose-Headers
This specifies which headers can be exposed to clients as a part of responses. By default, these 6 headers can be exposed to clients: Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, and Pragma. If you want to make other headers accessible to clients, you can separate multiple headers with a comma, e.g., Access-Control-Expose-Headers: Content-Length,X-My-Header. In this way, clients can access the two headers Content-Length and X-My-Header.
﻿
Access-Control-Allow-Origin Configuration
Mode
Value/Example
Description
Allow all
*
When it is set to *, the header Access-Control-Allow-Origin:* will be added to the response, which means to allow requests from all origins.
Specified domain
http://cloud.tencent.comhttps://cloud.tencent.comhttp://www.b.com
When a request is initiated from https://cloud.tencent.com, which hits the rule, the header Access-Control-Allow-Origin: https://cloud.tencent.com is added to the response. However when there is a request from https://www.qq.com, which does not hit the rule, the response is not changed.
Specified second-level domain name
https://*.tencent.com
When a request is initiated from https://cloud.tencent.com, which hits the rule, the header Access-Control-Allow-Origin: https://cloud.tencent.com is added to the response. However when there is a request from https://cloud.qq.com, which does not hit the rule, the response is not changed.
Specified port
https://cloud.tencent.com:8080
When a request is initiated from https://cloud.tencent.com:8080, which hits the rule, the header Access-Control-Allow-Origin:https://cloud.tencent.com:8080 is added to the response. However when there is a request from https://cloud.tencent.com, which does not hit the rule, the response is not change.
Note: 
 If there are special ports, you need to enter the relevant information in the list. You must specify the port as arbitrary port match is not supported.

Help and Support

Was this page helpful?

You can also Contact sales or Submit a Ticket for help.

Help us improve! Rate your documentation experience in 5 mins.

Feedback

Mode	Value/Example	Description
Allow all	`*`	When it is set to ``, the header `Access-Control-Allow-Origin:` will be added to the response, which means to allow requests from all origins.
Specified domain	`http://cloud.tencent.comhttps://cloud.tencent.comhttp://www.b.com`	When a request is initiated from `https://cloud.tencent.com`, which hits the rule, the header `Access-Control-Allow-Origin: https://cloud.tencent.com` is added to the response. However when there is a request from `https://www.qq.com`, which does not hit the rule, the response is not changed.
Specified second-level domain name	`https://*.tencent.com`	When a request is initiated from `https://cloud.tencent.com`, which hits the rule, the header `Access-Control-Allow-Origin: https://cloud.tencent.com` is added to the response. However when there is a request from `https://cloud.qq.com`, which does not hit the rule, the response is not changed.
Specified port	`https://cloud.tencent.com:8080`	When a request is initiated from `https://cloud.tencent.com:8080`, which hits the rule, the header `Access-Control-Allow-Origin:https://cloud.tencent.com:8080` is added to the response. However when there is a request from `https://cloud.tencent.com`, which does not hit the rule, the response is not change.

Header Parameter	Description
Access-Control-Allow-Origin	Specifies which origins are allowed to access the resource. For requests from the allowed origins, the host is added to the request header. You can also configure it to `*` to allow requests from all origins. For more information, see Access-Control-Allow-Origin match mode description.
Access-Control-Allow-Methods	Indicates the HTTP methods allowed for cross-origin requests. You can configure one or more methods, as shown below: Access-Control-Allow-Methods: `POST, GET, OPTIONS`.
Access-Control-Max-Age	Specifies the validity period (in seconds) of a preflight request. For a non-simple cross-origin request, an HTTP query request, namely the preflight request, is needed before the official communication to check whether the cross-origin request is secure to be accepted. A cross-origin request is non-simple if it is: not a GET, HEAD, or POST request, or it is a POST request but its request data type is application/xml, text/xml or any other data type except application/x-www-form-urlencoded, multipart/form-data, and text/plain. For example, if a custom request header is Access-Control-Max-Age:`1728000`, there will not be another preflight request sent for this CORS within 1,728,000 seconds (20 days).
Access-Control-Expose-Headers	This specifies which headers can be exposed to clients as a part of responses. By default, these 6 headers can be exposed to clients: Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, and Pragma. If you want to make other headers accessible to clients, you can separate multiple headers with a comma, e.g., Access-Control-Expose-Headers: Content-Length,X-My-Header. In this way, clients can access the two headers Content-Length and X-My-Header.

tencent cloud

Content Delivery Network

Page Display - CORS error

Error Description

Possible Reasons

Solutions

Troubleshooting Procedure

List of Supported Parameters

Access-Control-Allow-Origin Configuration

Help and Support