Cloudflare Stream TUS Upload - CORS XmlHttpRequest error (pt 2)

Unfortunately, I’m still receiving this error, and my original post was closed. (

“origin ‘https://localhost:5002’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.”

Do I need to add localhost:5002 as an allowed origin somewhere?

My current process is that I’m generating a URL that looks like this: ‘

Then I’m trying to use a TUS Client to my upload my file to that url.

I can see on my Stream Dashboard that the video is “pending” and greyed out, but it never leaves that state.

1 Like

@jared18 Could you share your solution? You mentioned it worked for you.

@joshua.sanders mine was fixed with an update from the Cloudflare team - their update broke it to begin with. Sorry hijacking your post.

1 Like

Having the same issue right now

1 Like

I am also encountering it as of this moment. Does CF team did an update again?

1 Like

Hey @kkipp, you mentioned there was a hotfix? Perhaps my request is incorrect?

Following up to keep this alive. Unable to upload resumable videos. How am I supposed to recreate TikTok without resumable videos!

Having the same error after using the example provided here with uppy: Direct creator uploads · Cloudflare Stream docs’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

1 Like

Same issue here. Looks like the issue is here as well: Cloudflare Stream TUS Upload - CORS XmlHttpRequest error - #9 by joshua.sanders (perhaps @kkipp can comment)

Let me describe what is happening. After you get a tus upload URL and pass it to uppy, it makes a preflight OPTIONS request and the resulting PATCH does not include the access control headers that were conveyed in the preflight OPTIONS.

After the payload is uploaded, I assume that the PATCH needs a Access-Control-Allow-Origin:

  • since the content type is application/json.

I have read every single issue on the forum regarding this, I feel obligated to convey that I am not sending any auth from the browser, I am doing it properly according to the ‘direct creator uploads’ docs.

It works for me when I set the authorization header with the api token, but I dont want my api token to be exposed in the browser, did you find any solution for that? @jaken

Hey, folks — we’ve spent some time looking into this and have not been able to reproduce the CORS issues you’re encountering. Can you share a HAR file so we can more thoroughly inspect what’s going on? You can email me — kkipp at cloudflare dot com. Thanks!

How do we generate a HAR file? I believe I had exact sample code in my previous ticket if you want to try and duplicate

This button right here. Note that this may include sensitive data, so please use our HAR sanitizer first before sharing.

Thanks for the reply, you can find my HAR attached to support request #3183983

Feel free to email me directly (also included in ticket) if there is anything else I can provide to help resolve this issue. Thanks again!

Hi @jaken. Can you confirm you’re appending the query param during URL creation in your backend correctly?

Direct creator uploads require a suffix of ?direct_user=true.

1 Like

That’s pretty funny, I was just now coming to report back that the undocumented query param was indeed the issue.

I highly recommend that this be documented on this page: Cloudflare API Documentation

Thank you for the quick turnaround! Best of luck to anyone else landing here from google with the same problem.

did you add this param “?direct_user=true” to the location header url or when requesting the upload url from cloudflare , because i tried both and it didn’t work for me

Requesting an upload url as shown here.

thanks, I have it like that too but it seems my error is different

My best advice is to read this page very closely, it is easy to misinterpret if you are acclimated to CRUD/REST intuitions. Especially this part:

Use this API (your server) endpoint directly in your tus client (eg. uppy). A common mistake is to extract the upload URL from your new API endpoint, and use this directly.