Access-control-allow-origin missing in random URLs

Getting this error from Cloudflare URLs

Access to script at ‘https://cdnjs.Cloudflare.com/abc.js’ from origin ‘https://abc.xyz.net’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

We have setup several JavaScript files in Cloudflare and the Access-Control-Allow-Origin is missing randomly in for different files for different users. And due to this we are getting the above error.

Any help is appreciated on this. We could purge files but its happening so randomly that not sure it will help

2 Likes

A few customers reported the same error to me yesterday. As an example, one particular instance was for loading lodash on Chrome:

https://cdnjs.Cloudflare.com/ajax/libs/lodash.js/4.17.4/lodash.min.js
No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

Another one was about a font file:
https://cdnjs.Cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/fonts/glyphicons-halflings-regular.woff2

Altough when I look at them now, I can see the “access-control-allow-origin: *” header.
Was it a temporary issue?

1 Like

Its happening even now, but only randomly. For every new customer who tries to use our website out of about 20 files that we host in Cloudflare about 3 to 4 random files give this error. And if we keep on hitting refresh it eventually comes through, Since these files gets cached we get away with existing users.

Yes I can confirm that I’m experiencing exactly the same issue. Also had some files that failed loading today, until we refresh several times and files finally get cached.

Hi there,

I’m really sorry that you are experiencing this issue.
We believe this issue is an intermittent one that is only affecting a small minority of requests to cdnjs.

If you continue to experience the issue, please post your situation on our GitHub issue tracking this: https://github.com/cdnjs/cdnjs/issues/13165

Please include the requested resource URL, if SRI was being used, the full request and response headers (or HAR).

  • Matt.

Purely anecdotally, it’s a lot more than ‘a small minority’ of my requests. Thought I was going mad but I see that at least it’s a known thing.