Request to load embedded viz returns CORS error "URL has been blocked by CORS policy" on Tableau Cloud

Date de publication: Sep 24, 2025

Description

Tableau Embedded views can result in the following error:

Access to fetch at 'https://pod.online.tableau.com/vizportal/api/web/v1/auth/embed/signin' from origin 'URL' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

Note: CORS (Cross-Origin Resource Sharing) is a browser security feature that restricts web pages from making requests to a different domain than the one that served the web page. This is why you see the error.

Résolution

Option 1

Configure Allowed Domains in Tableau Cloud:

Log in to your Tableau Cloud site as a site administrator.
Navigate to Settings (usually in the left pane).
Look for a section called Connected Apps. Within the connected app settings, you'll find an option for Domain allowlist.
Add the exact URL(s) of the website(s) where you are embedding the Tableau visualization to this allowlist. Ensure you include the protocol (e.g., https://) and the full domain name (e.g., https://www.yourwebsite.com). This tells Tableau Cloud to allow content to be embedded on these specific domains.

Option 2

Different versions of code on the Tableau Cloud pod where a site is hosted and the version of the Embedding API library available at the embedding URL used for the source may result in the CORS error being returned.

In this case, update the Embedding API library URL in the website/application to include the pod where the Tableau Cloud site is hosted.

For example, instead of using:

<script type="module" src="https://online.tableau.com/javascripts/api/tableau.embedding.3.latest.min.js"></script>

use:

<script type="module" src="https://10az.online.tableau.com/javascripts/api/tableau.embedding.3.latest.min.js"></script>

Your pod is shown in the first portion of the site URL after signing in.
Example: https://10az.online.tableau.com is the United States - West (10AZ) pod.

Numéro d’article de la base de connaissances

001498319

Cet article a-t-il résolu votre problème ?

Dites-nous ce que nous pouvons améliorer !

Request to load embedded viz returns CORS error "URL has been blocked by CORS policy" on Tableau Cloud

Note: CORS (Cross-Origin Resource Sharing) is a browser security feature that restricts web pages from making requests to a different domain than the one that served the web page. This is why you see the error.

Option 1

Option 2

General Information

Required Cookies

Functional Cookies

Advertising Cookies

General Information

Required Cookies

Functional Cookies

Advertising Cookies

Cookie List