All Products
Document Center

Object Storage Service:The error of "No 'Access-Control-Allow-Origin" is still reported when calling OSS after setting cross-domain rules

Last Updated:Dec 19, 2022

Problem description

In the OSS console set the cross-domain Cross-Origin Resource Sharing (CORS) rule, through the JS program call still reports the following error.

No 'Access-Control-Allow-Origin' header is present on the requested resource


The cause of the problem may be as follows:

  • cross-domain Cross-Origin Resource Sharing (CORS) rule setting exception Cross-Origin Resource Sharing (CORS) rule is not set correctly.

  • A CORS cross-domain rule is set for the browser cache , but a browser cache exists, which causes a response header that does not contain the cross-domain header in the cache to be read.


Different causes have different solutions. We recommend that you clear the browser cache for testing. If an error is still reported, perform the following steps to check whether the CORS cross-domain rule is set correctly:

  1. Log on to the OSS console. Click the target bucket to go to the Bucket Overview page.

  2. In the left-side navigation pane, choose Permissions > cross-domain Settings, and then click Settings.

  3. Ensure that the source in the current rule contains information about the source of the call to OSS, and that the allowed Methods are GET, POST, and HEAD. For more information about how to set up cross-domain rules, see Set up cross-domain access.

  4. If the current cross-domain rule is set correctly, the error still exists. Click Edit to the right of the rule to check the Allow Headers setting. You can set it to an asterisk (*) and save the settings to test whether the problem is solved.


Applicable scope

  • OSS