No 'Access-Control-Allow-Origin' header is present on the requested resource with Cross Origin Resource Sharing (CORS) in B2C Commerce

Fecha de publicación: Nov 19, 2025

Descripción

When browsing on your B2C Commerce Storefront, you see errors like the one below in the browser console:

Access to font at 'https://www.sfcctest.com/on/demandware.static/Sites-US-Site/-/en_US/v1111111111111/css/fonts/Arial.woff'; from origin 'https://notsfcctest.com'; has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Solución

Cross Origin Resource Sharing (CORS) headers may not be passed with the static content hosted on the B2C Commerce platform.

This is because the B2C Commerce platform does not support hosting of static content for other websites to reference. As a result, the static files will need to be uploaded directly either to the provider that hosts the other site, or to another host that supports the Access-Control-Allow-Origin CORS header for static content.

Please note that the Access-Control-Allow-Origin header (and the other CORS response headers) are supported for OCAPI requests and dynamic requests (controllers and pipelines). The headers need to be added in the OnRequest.js file under app_storefront_core/cartridge/scripts/request.

For more information, please review the dw.system Class.

Número del artículo de conocimiento

000391299

¿Resolvió este artículo su problema?

¡Háganos saber cómo podemos mejorar!

No 'Access-Control-Allow-Origin' header is present on the requested resource with Cross Origin Resource Sharing (CORS) in B2C Commerce

General Information

Required Cookies

Functional Cookies

Advertising Cookies

General Information

Required Cookies

Functional Cookies

Advertising Cookies

Cookie List