No 'Access-Control-Allow-Origin' header is present on the requested resource with Cross Origin Resource Sharing (CORS) in B2C Commerce

Publiceringsdatum: Nov 19, 2025

Beskrivning

When browsing on your B2C Commerce Storefront, you see errors like the one below in the browser console:

Access to font at 'https://www.sfcctest.com/on/demandware.static/Sites-US-Site/-/en_US/v1111111111111/css/fonts/Arial.woff'; from origin 'https://notsfcctest.com'; has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Lösning

Cross Origin Resource Sharing (CORS) headers may not be passed with the static content hosted on the B2C Commerce platform.

This is because the B2C Commerce platform does not support hosting of static content for other websites to reference. As a result, the static files will need to be uploaded directly either to the provider that hosts the other site, or to another host that supports the Access-Control-Allow-Origin CORS header for static content.

Please note that the Access-Control-Allow-Origin header (and the other CORS response headers) are supported for OCAPI requests and dynamic requests (controllers and pipelines). The headers need to be added in the OnRequest.js file under app_storefront_core/cartridge/scripts/request.

For more information, please review the dw.system Class.

Knowledge-artikelnummer

000391299

Löste denna artikel ditt problem?

Berätta för oss vad vi kan förbättra!

No 'Access-Control-Allow-Origin' header is present on the requested resource with Cross Origin Resource Sharing (CORS) in B2C Commerce

General Information

Required Cookies

Functional Cookies

Advertising Cookies

General Information

Required Cookies

Functional Cookies

Advertising Cookies

Cookie List