Getting CORS using tus (Direct creator uploads)

i am getting CORS error on while trying to upload a file using tus-js-client.

how to resolve this ?

i am getting a similar error but a bit different

Access to XMLHttpRequest at '[..]0762ae558?tusv2=true' from origin '##redacted##' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Hi all, we’ve set up a demo codepen where you can input the tokenized tus url and attempt an upload:

If your upload succeeds using this page, it means there is an issue with your client-side code.

Also, if your client side page resides on localhost, you may see CORS-related errors. We’d advise you to publish it to your domain and retry.


getting the same CORS error here as well.
we deployed the code on our dev server and still getting the same CORS error
can it be realted to allowedOrigins property in Upload-metadata ?

can you please help us out, i am getting the cors error on the codepen as well

Sent you a private message!

Hi, did you figure it out? I am having the same issue.

Hi, what OS/browsers are you having the issue on?

Im on chrome. I’ve tried the codepen - it shows upload successful. But it remains as “pending” on dashboard.

Got it. Can you privately message me the url that you are pasting into the codepen so I can investigate further?

I just registered to this community. I don’t see an option to send PM.
I’ll just post the link here. I think it should be fine since it will expiry (in 30 min) anyway…

If possible, please pm me - i think i can reply but not send messages.

Figured out the issue with the help of @zaid

For anyone that come across in the future.

The endpoint URL you are giving in your client (uppy/tus-js etc) should point to your server (not url) - The server should returns the url in the “location” header.

Maybe this will help clarify for others who visit this page:

The order in which you do direct creator upload with TUS is:

  1. Server side POST request to$ACCOUNT/stream?direct_user=true with your Cloudflare API key. This request will return a response with a location header and a stream-media-id header. Save these.
  2. Client side requests to upload using the TUS js library or Uppy using the URL in the location header.
  3. Once the client side upload is complete, the URL will stop working.
1 Like

The linked codepen demo fails with CORS errors for me, as does my code using uppy + React on localhost. I’m following exactly the steps above and have tried with and without allowedOrigins set in the request.

For my own code, the URL is requested from my server, then sent to client where its used to upload via Uppy + TUS. The URL is in the format:<ID>?tusv2=true. Uploads to the default URL in the codepen demo work fine.

I’m on Brave Version 1.18.75 Chromium: 87.0.4280.101 (Official Build) (64-bit). Tried in normal and in-private modes. The errors are:

Access to XMLHttpRequest at '<ID>?tusv2=true' 
from origin '' has been blocked by CORS policy: 
No 'Access-Control-Allow-Origin' header is present on the requested resource.

I can upload videos manually and stream them using the react player.

I found this step a bit unclear.

What removed CORS errors for me was following this advice

The steps I followed were:

  1. Point Uppy’s endpoint to my server’s API endpoint (not cloudflare upload URL)
  2. My server requests an upload URL from cloudflare API (extracting it from the location header).
  3. My server then sends an empty 201 response with the upload URL in it’s own Location header
  4. Uppy automatically extracts the Location header and uploads the correct URL

Yes! Thank you for explaining better than I did.


how did you get stream-media-id from response?.
uppy redirect endpoint to one time url that present in Location header.

i can’t find the option to extract response.!