Skip to main content

No 'Access-Control-Allow-Origin' header is present on the requested resource



  • Raya Straus

    Hi Ruth,

    Can you please share with us your code?

    Looking forward to your reply.



  • Brad Smith

    browseFiles.addEventListener('click', () => {
      return axios({
        url: `https://${API_KEY}:${API_SECRET}${CLOUD_NAME}/resources/image`,
        method: 'GET',
        headers: {
          'Content-Type': 'application/json'
      }).then(res => {
      }).catch(function (err) {
  • Brad Smith

    works all day long from curl on cmd line    


    WHERE IS THE DOCUMENTATION on how to format a basic request to list resources? ( the documentation that actually speaks to this error that is:   

    // Response to preflight request doesn't pass access control check:
    // No 'Access-Control-Allow-Origin' header is present on the requested resource.


  • Raya Straus

    Hi Brad,

    Thanks for providing us with your implementation.

    Please note that calling the Admin API's resource method is not supported via client side. Moreover, using admin API requires the account's secret key. It should not be used in client code since it leaks that secret.
    The safer alternative would be creating a custom endpoint in your backend which calls Cloudinary's admin API for the resources (so that the secret is not exposed).

    Hope this helps, please let me know if you have any further questions.




Post is closed for comments.