Skip to main content

Access Control Allow Origin on Safari



  • Aleksandar Kostadinov

    Hi Juliana,

    Thanks for sharing the error and code.

    From this, I see that the browser rejected the request and returned this error message when it attempted to make a cross-site request to (which I believe is what you are using to receive the params to sign and return back a signature) and the cross-site request was not for a request to Cloudinary.

    It's not clear from the backend code what web framework you're using as it only shows one function, but if you are using Express for example, then you can find out how to enable CORS on your server under the following link:

    If you are not using Express, then the web framework you are using should also be able to support configuring CORS headers and it's worth checking their documentation on the exact ways you can enable that.

    Please let us know how it goes.


  • Juliana

    Hello Aleksandar,
    Thanks for the answer.

    Actually the Request is done directly by my Frontend and is being rejected by Cloudinary endpoint: " ...."

    "mydomain" is just not to expose my domain here in support.
    and its used on the query parameter: eager_notification_url=${notification}

    the Upload is done in Frontend so the error has nothing to do with Express or Backend.

    I'm using my Backend just to sign the parameters and get the signature using the official Lib from NPM and this is happening normally.

    As I said, the Request works in some browsers, so I think it is the case to add or remove some Header in the request, but this must be done directly in Frontend.

    Thank you very much.

  • Aleksandar Kostadinov

    Hi Juliana,

    Thanks for your response.

    For us to better understand we would need the full error message without any obfuscation.

    May I please ask you to submit a ticket with us directly via - - and share with us a screenshot of the error or a link to your site which we can use to reproduce the issue?

    In general, when we receive an OPTIONS (preflight) request (part of CORS flow) we take the value of the Origin header, which should be added by the browser automatically, and return that as part of the Access-Control-Allow-Origin in the response thus allowing the browser to send the subsequent request. Based on the error message you shared earlier, it appears that the preflight OPTIONS request either didn't specify the Origin header or the request header was blank and that would explain why the response from Cloudinary didn't include the "Access-Control-Allow-Origin" response header.

    Having said this, being able to reproduce the issue would be the quickest way to understand the reason for the error.

    Looking forward to your response.




Post is closed for comments.