You need to sign in to do that
Don't have an account?
mkaufman
Static Resource loaded by LWC is blocked by CORS policy due to header mismatch
We have an LWC that works perfectly in all orgs.
We use Lightning Out in a VF Page to display the LWC in multiple orgs.
In only some of those orgs, we are starting to see a CORS issue due to the static resource being served by a different url than the CORS header accompanying it.
We have tried making the static resource private and public, same problem.
The problem goes away for a user, if that user goes to setup and downloads the static resource (it will still remain for other users in the org until they do so too though).
Here's the actual CORS error (sanitized for privacy) from the browser dev console:
Access to XMLHttpRequest at 'https://acme--c.visualforce.com/apex/VFPage?id=a026g00000F6SkOAAV&isdtp=p1&sfdcIFrameOrigin=https://acme.lightning.force.com' (redirected from 'https://acme--c.na174.visual.force.com/apex/VFPage?id=a026g00000F6SkOAAV&isdtp=p1&sfdcIFrameOrigin=https://acme.lightning.force.com') from origin 'https://acme--c.na174.visual.force.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
We use Lightning Out in a VF Page to display the LWC in multiple orgs.
In only some of those orgs, we are starting to see a CORS issue due to the static resource being served by a different url than the CORS header accompanying it.
We have tried making the static resource private and public, same problem.
The problem goes away for a user, if that user goes to setup and downloads the static resource (it will still remain for other users in the org until they do so too though).
Here's the actual CORS error (sanitized for privacy) from the browser dev console:
Access to XMLHttpRequest at 'https://acme--c.visualforce.com/apex/VFPage?id=a026g00000F6SkOAAV&isdtp=p1&sfdcIFrameOrigin=https://acme.lightning.force.com' (redirected from 'https://acme--c.na174.visual.force.com/apex/VFPage?id=a026g00000F6SkOAAV&isdtp=p1&sfdcIFrameOrigin=https://acme.lightning.force.com') from origin 'https://acme--c.na174.visual.force.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
There is a change in CORS errors for static resources post Winter21. Check below reference for more details if issue is not solved please contact Salesforce support.
https://help.salesforce.com/s/articleView?id=000355604&type=1
Hope above information was helpful.
Please mark as Best Answer so that it can help others in the future.
Thanks,
Hi mkaufman,
Have you resolved this issue, I am facing the same one ?