Allow cors on localhost

Question

I know it has kinda been answered already, but i don't understand how to fix my issue. I'm developing a static website using webpack 4, and i'm having issues when trying to load images (locally and from my online server).

How do you fix the Access to XMLHttpRequest at 'XXX' from origin 'http://localhost:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource error when using webpack? I'm not using express (still learning webpack) and all the answers i find are quite a bit complicated for me and uses custom servers, which i don't..

Is there a simple method to bypass this?

By the way, i'm using <img src="XXX" alt="" crossorigin="anonymous"> with my images. Sometimes it works, sometimes it doesn't.. the articles i've found are way too technical for me at this point..

I've tried to add the following to my webpack.config.dev.js file, but it doesn't work either :

devServer: {
    headers: {
      'Access-Control-Allow-Origin': '*',
      'Access-Control-Allow-Methods': 'GET, POST, PUT, DELETE, PATCH, OPTIONS',
      'Access-Control-Allow-Headers': 'X-Requested-With, content-type, Authorization',
    },
(...)
}

I think there's no simple way around that. See below the answer how to disable the CORS, and a ton of other things, in Chrome (good thing you can do that from a different profile). I found that serving stuff off a very simple Experss server using CORS middleware is simpler in the long run. — 9000, Jan 13 '20 at 23:20

score 6 · Accepted Answer · answered Jan 13 '20 at 23:17

6

I think your images loaded from your online server cause the CORS warning and your webpack conf has nothing to do with it.

If you're using Chrome you can bypass CORS by using an extension like this or using Chrome's --disable-web-security argument explained as here

answered Jan 13 '20 at 23:17

Tamer Aktaş

356
1
10

1

The extension is perfect! I've tried other that didn't work, but this one works great. Thanks! – Perdixo Jan 13 '20 at 23:51
I could'nt understand underlying issue exactly.may you want to try to add 'Access-Control-Allow-Origin': '*', or 'Access-Control-Allow-Origin': 'localhost:3000', at your online http server responses ? – Tamer Aktaş Jan 13 '20 at 23:51

score 1 · Answer 2 · answered Jan 13 '20 at 23:24

1

You could try to use JSONP, but it's kinda of a hack and it isn't allowed on every API

answered Jan 13 '20 at 23:24

alissongranemann

632
5
11

Allow cors on localhost

2 Answers2