CORS issue in erpnext portal when able to view Order

Hi Team,

I am experiencing a CORS (Cross-Origin Resource Sharing) issue when trying to access the ERPNext portal. Specifically, when I try to access a certain API endpoint or URL, I receive the following error message in my browser console:

Access to XMLHttpRequest at ‘http://localhost:8080/orders/SAL-ORD-2023-00002’ from origin ‘http://localhost:8080’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

I have tried accessing the same URL from a different domain or origin, but the issue persists. I have also tried disabling any browser extensions or plugins that may be interfering with the request, but that hasn’t helped either.

Please let me know if there is anything that can be done to resolve this issue. I have attached a screenshot of the error message for your reference.

Thank you for your help.

try allow_cors in site_config.json


Hi @revant_one ,
thanks for your quick response, I tried allow_cors but again getting same issue, is there anything else that i could check on other config dependencies, which could be breaking, could you please guide me on this

allow_cors key is not cors_allow_origin

also make sure you’re sending some kind of auth header to restrict endpoint.

hi @revant_one We are trying to self host erpnext. The authorization is removed from json and entered allow_cors key-value as “allow_cors”: “”. Still it gives 403 forbidden. Also tried running a bench command as bench --site erpsite set-config -p allow_cors "*" and with" but no success. Please advise if there’s a mistake anywhere. Appreciate if you could help here. Thanks !

what are your request headers?

Hi @revant_one ,
Thank you for your support and there no headers are available now i removed that. but again getting same issue i can’t able to resolve, could you please guide me mode details of this.

Hi @revant_one pls advise on how we can proceed here. This appears to be a blocker for website / ecommerce integration. Thanks in advance.

Can’t help you further.


Check docs and fix request. Check how to list and CRUD doctype. Check authentication.