Access to XMLHttpRequest at 'https://services.example.com' from origin 'https://www.example.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

[EbaadAhmed]

Hello, using Cefsharp windows version 96.0.180

facing this issue (not using the actual website name, replaced with example.com)

Access to XMLHttpRequest at 'https://services.example.com' from origin 'https://www.example.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

i tried the following things but still facing the issue
settings.RegisterScheme(new CefCustomScheme {
SchemeName = "https",
DomainName = "www.example.com"
});

            tried adding the command line 
            settings.CefCommandLineArgs.Add("disable-features", "OutOfBlinkCors");
            
            tried adding the following on frameloadend, Console message, 
            CefSharp.Cef.AddCrossOriginWhitelistEntry("www.example.com", "https", "www.example.com", true);

tried modifying the request headers in ResourceRequestHandle onbeforeResourceload

headers["Access-Control-Allow-Origin"] = "https://www.example.com/";
headers["Access-Control-Allow-Methods"] = "GET, POST, PUT";
headers["Access-Control-Allow-Headers"] = "Content-Type";
headers["Access-Control-Allow-Credentials"] = "true";

[amaitland]

In future please format your code so it's readable.

CefSharp.Cef.AddCrossOriginWhitelistEntry("www.example.com", "https", "www.example.com", true);

Needs to be fixed upstream see https://bitbucket.org/chromiumembedded/cef/issues/2918/cefaddcrossoriginwhitelistentry-not-fully

tried modifying the request headers in ResourceRequestHandle onbeforeResourceload

Please provide a more detailed code example. You might not actually be setting the headers correctly.

[EbaadAhmed]

Hello, @amaitland thanks for your response.

The scenario is i am loading a website www.example.com which uses to get some data from subdomain www.services.example.com

When i use debugger settings.RemoteDebuggingPort = 8088; then i found out it is throwing an error of No 'Access-Control-Allow-Origin' header is present on the requested resource.

i tried the following code in ResourceRequestHandler OnBeforeResourceLoad

 protected override CefReturnValue OnBeforeResourceLoad(IWebBrowser chromiumWebBrowser, IBrowser browser, IFrame frame, IRequest request, IRequestCallback callback)
        {
var headers = request.Headers;
headers["Access-Control-Allow-Origin"] = "https://www.example.com/";
headers["Access-Control-Allow-Methods"] = "GET, POST, PUT";
headers["Access-Control-Allow-Headers"] = "Content-Type";
headers["Access-Control-Allow-Credentials"] = "true";
request.Headers = headers;
return CefReturnValue.Continue;
}

Also i tried to register scheme

 CefSharp.WinForms.CefSettings settings = new CefSharp.WinForms.CefSettings();
settings.RegisterScheme(new CefCustomScheme
                {
                    SchemeName = "https",
                    DomainName = "www.example.com"
                });

and also tried this

settings.CefCommandLineArgs.Add("disable-features", "OutOfBlinkCors");

I am using CEFsharp Winforms version 96.0.180

[amaitland]

Do you own the website in question? Adding the relevant headers is the easiest option.

[EbaadAhmed]

No i don't own that website

[amaitland]

I'd recommend avoiding making CORS requests. Make them using the same domain.

https://github.com/cefsharp/CefSharp/wiki/General-Usage#request-interception

[EbaadAhmed]

Cool, Unit test shows this works.