[SOLVED] Can't access contents API due to CORS issue

I have…

  • [ ] Checked the logs and have uploaded a log file and provided a link because I found something suspicious there. Please do not post the log file in the topic because very often something important is missing.

I’m submitting a…

  • [ ] Regression (a behavior that stopped working in a new release)
  • [x] Bug report
  • [ ] Performance issue
  • [ ] Documentation issue or request

Current behavior

We can’t access our app due to a CORS issue, here is an image describing our issue:

Request URL:

OPTIONS https://contents.squidex.io/mine-app/text-manager/8ead23e5-8aea-4fd4-892d-f0b860c6ab64


Fastly error: unknown domain: cloud.squidex.io. Please check that this domain has been added to a service.

Details: cache-fra19171-FRA

Expected behavior

We should be able to access the API

Minimal reproduction of the problem


  • [ ] Self hosted with docker
  • [ ] Self hosted with IIS
  • [ ] Self hosted with other version
  • [x] Cloud version

Version: [VERSION]


  • [x] Chrome (desktop)
  • [ ] Chrome (Android)
  • [ ] Chrome (iOS)
  • [ ] Firefox
  • [ ] Safari (desktop)
  • [ ] Safari (iOS)
  • [ ] IE
  • [ ] Edge


this is the URL for reproduce:

Hi, I have added CORS to CDN, but cached responses will not be affected by that immediately.

I would like to try your link, but it does not work.

It’s ok now it looks like it’s working, but it works only for our prod domain
we have also Staging & local environments that call the same API but get rejected with the same error

It could be the cache. There is no domain restriction or so.

1 Like

I’ve tried from another browser and it still throws an error:

Have you checked the headers? You could add query string or so to purge the cache.

I can see an error that says: XHR OPTIONS https://contents.squidex.io/mine-app/text-manager/8ead23e5-8aea-4fd4-892d-f0b860c6ab64
CORS Missing Allow Origin

I have added the config for the preflight request.

thanks, now it says another thing:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://contents.squidex.io/mine-app/text-manager/8ead23e5-8aea-4fd4-892d-f0b860c6ab64. (Reason: header ‘x-flatten’ is not allowed according to header ‘Access-Control-Allow-Headers’ from CORS preflight response).

Can you check it again?

awsome!!! it’s working now! thank u soo much :slight_smile:

1 Like

This topic was automatically closed after 2 days. New replies are no longer allowed.