본 사이트는 여러분의 사용자 경험을 개선하기 위해 유지 보수를 진행하는 동안 기능이 제한됩니다. 도움말로 문제가 해결되지 않고 질문을 하고 싶다면 Twitter의 @FirefoxSupport 및 Reddit의 /r/firefox 채널을 활용하세요.

Mozilla 도움말 검색

고객 지원 사기를 피하세요. 저희는 여러분께 절대로 전화를 걸거나 문자를 보내거나 개인 정보를 공유하도록 요청하지 않습니다. "악용 사례 신고"옵션을 사용하여 의심스러운 활동을 신고해 주세요.

자세히 살펴보기

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource

more options

I am using tomcat 9 as my web server and has included the CORS filter parameters provided by tomcat user guide. But when I try to invoke http://localhost:port through ajax request it is getting an error message "Cross-Origin Request Blocked: The Same Origin Policy"

The issue occurred after the installation of SSL certificate in my domain. Earlier when the website was working without https it was working fine with out any issues.

But after changing my domain to https CORS error started to pop up..

Moreover this error is there only in Firefox, in every other browser it is working without any problems.

Kindly help me in fixing the issue in Firefox.

I am using tomcat 9 as my web server and has included the CORS filter parameters provided by tomcat user guide. But when I try to invoke http://localhost:port through ajax request it is getting an error message "Cross-Origin Request Blocked: The Same Origin Policy" The issue occurred after the installation of SSL certificate in my domain. Earlier when the website was working without https it was working fine with out any issues. But after changing my domain to https CORS error started to pop up.. Moreover this error is there only in Firefox, in every other browser it is working without any problems. Kindly help me in fixing the issue in Firefox.

모든 댓글 (5)

more options

Did you use the allow all CORS header: Access-Control-Allow-Origin: *

If not, what header did you put on your tomcat 9 server? Are you trying to access it from a page with origin localhost?

If you deploy the server, I can check the headers for you and let you know what you can and cannot do with it using ajax.

more options

I have used the filter suggested by tomcat in my web.xml which is as shown below.

<filter>

 <filter-name>CorsFilter</filter-name>
 <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
 <init-param>
   <param-name>cors.allowGenericHttpRequests</param-name>
   <param-value>true</param-value>

</init-param>

 <init-param>
   <param-name>cors.allowed.origins</param-name>
   <param-value>*</param-value>
 </init-param>
 <init-param>
   <param-name>cors.allowed.methods</param-name>
   <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
 </init-param>
 <init-param>
   <param-name>cors.exposed.headers</param-name>
   <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
 </init-param>

</filter>

<filter-mapping>

 <filter-name>CorsFilter</filter-name>
 <url-pattern>/*</url-pattern>

</filter-mapping>

Also tried to set header from my jsp page with the following code

response.setHeader("Access-Control-Allow-Origin", "*")


It is an internal application from which I am trying to access so it cannot be accessed from outside..

Yes I am trying to access the the page with origin localhost

more options

You can see CORS errors when you use the file:// protocol to access local files via XMLHttpRequest, Fetch APIs, Web Fonts (@font-face), and WebGL textures, and XSL stylesheets.

You can possibly bypass this security measure by modifying this pref on the about:config page (not recommended).

  • privacy.file_unique_origin = false

See also:

more options

Changed privacy.file_unique_origin as false..still error persists

more options

The config definitely specifies permissive access controls, so you shouldn't have a problem. If you can't expose the project externally, you'll have to check your headers yourself.

If you make an HTTP get request to your server, do you get Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET,POST,HEAD,OPTIONS,PUT in the header of the response? What is the header response?

You may also be facing this issue if you use authentication on the server: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSNotSupportingCredentials you would fix this by replacing all of the * above with localhost.