Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at URL

Blog Post created by B-3-1AITCS3 Employee on Jun 19, 2015




You may have observed "Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at URL" in your Mozilla browser debugger console window or in Chrome developer tools. Basically this errors are due to restriction a browser applies while loading the resources from other site. Let says your site X is trying to load resources like js/css from Site Y, A policy on browser gets triggered and blocks the resources if site Y doesn't allow other site to request content. This action causes above error message to show up in the console window.


To fix this issue, Site Y has to send Access-Control-Allow-Origin: * response header to allow other site to load resources. In case you want to allow only site X, then site Y should send Access-Control-Allow-Origin: http://<domain-of-site-x>> to browswer.


Access-Control-Allow-Origin which is generally called CORS(Cross-Origin Resources Sharing) opens doors for other specific domain who wants to request specific content. Modern browser will not block the cross domain request right away. If Site X requests content from Site Y, the content will be fetched at network level and will not be blocked if the Site Y's response header indicates requester's domain. In case Site Y's response doesn't include that then the browser will trigger action and will block the request.


If you are an Akamai Customer and if your domain is served by Akamai and restrict others to request the content due to CORS header missing in response, please raise a case with Akamai Customer Care for any further help.



Harsh Dhandhukia