This error occurs when a script on your website/web app attempts to make a request to a resource that isn't configured to accept requests coming from code that doesn't come from the same (sub)domain, thus violating the Same-Origin policy. We've already written an explainer on what CORS headers are and what they do ( which you can find here), but to summarize: CORS is a mechanism for relaxing the 'Same-Origin' policy of modern browsers to allow things like serving your static content from and your dynamic content from. In short, the 'access-control-allow-origin' header is a Cross-Origin Resource Sharing (CORS) header. Sure, it tells you that there's a header missing, but from where is it missing, and what should it be? Searching for it on the internet is likely to bring up a popular forum where the most common answer is worse than wrong – it's dangerous. This error is up there as one of the least helpful error messages.
How to Fix 'No 'Access-Control-Allow-Origin' Header Present'
