CORS policy No Access-Control-Allow-Origin


im using the full distribution on a tomcat application server 7.11.0.

In my webapp i want to load resources via jQuery/ajax from a different origin. Every time i load the resources i get the following error:
access to XMLHttpRequest at ‘https://different origin’ from origin ‘http://localhost:8080’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

How do i allow access to the resources? I already tried to configure the web.xml in the engine-rest and the server/conf folder with the propertys:


but it doesnt work. Maybe one of you knows how to do that. You would help me a lot.

Hi @Adrian,

you have to configure the Server at different origin to reply with a valid access-control-allow-origin header. The request is blocked by your browser, not the camunda engine

Best Regards

thanks for the response. Do you mean the local tomcat server or the server I’m loading the resources from?

The server you are loading the resources from, not localhost. You can find it in the error message at this location: access to XMLHttpRequest at --> ‘https://different origin’ <---

i already get the value http://localhost:8080 as response for the attribute access-control-allow-origin but it still does not work