Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at

  • TomDS 5 posts 95 karma points
    6 days ago

    Unable to view packages due to CORS policy

    When attempting to view packages. Developer -> Packages.

    The request to load the packages is failing due to failing a CORS policy.

    Access to XMLHttpRequest at '' from origin 'https://localhost:8081' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

    The issue is present across all of our environments.

    I am unsure how to configure CORS to get around this.

  • David Armitage 314 posts 1239 karma points
    2 days ago
    David Armitage

    Hi Tom,

    Check the web config. Have you got any strict security header in here. Maybe something similar to one of my client sites.

            <remove name="X-Powered-By" />
            <remove name="X-Frame-Options" />
            <remove name="X-Xss-Protection" />
            <remove name="X-Content-Type-Options" />
            <remove name="Content-Security-Policy" />
            <add name="X-Frame-Options" value="SAMEORIGIN" />
            <add name="X-Xss-Protection" value="1; mode=block" />
            <add name="X-Content-Type-Options" value="nosniff" />
            <add name="Content-Security-Policy" value="img-src 'self' data: * * *" />
            <add name="Referrer-Policy" value="strict-origin" />
            <add name="Feature-Policy" value="fullscreen 'none'; microphone 'none'" />

    It might be worth checking you down have anything like this in there. Probably compare what headers are used with Umbraco out of the box.

    I think it should look something like this by default.

            <remove name="X-Powered-By"/>



Please Sign in or register to post replies

Write your reply to: