Static sites missing Access-Control-Allow-Origin in response headers

My use case is the browser loading static parts of a page from the static server, e.g., a nav bar. The main page is served by a web service. This works fine with my static HTML pieces on Netlify.

Netlify includes the header, Access-Control-Allow-Origin: *. This allows the browser to request it.

I’m trying to migrate the static content to Render:

https://website-static-content.onrender.com/oregon.public.law/children-nav/statutes/ors_chapter_320

But Render does not include an Access-Control-Allow-Origin header, and so the browser will not load it when it is part of the main page. (It will, of course, load it if requested directly via a URL like above.)

Is there a way to configure Access-Control-Allow-Origin for a static site? If not, I might need to stay with Netlify.

I’m not a CORS expert, but this is my best understanding. The nav bar is broken when retrieving it from Render, but works fine when retrieving from Netlify.

Ok, I solved my problem — I had gone to the static site “settings” tab, but overlooked “headers”. There, I was able to define Access-Control-Allow-Origin.

I’d say to Render: maybe consider adding a documentation note somewhere about this ‘gotcha’, and its resolution. Or even, set a default for the header. Access Control for static content vs. say, a bank login, is generally safe to default to * like Netlify does. ?
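
The behaviour described in this thread, as an added example that is not part of the original posts and is not Render's or Netlify's code: a simplified model of the check a browser applies to a cross-origin GET, showing why the fragment loads when opened directly but not when fetched by the page, and how `*` differs from a pinned origin. The page origin `https://app.example` and all response header sets are constructed assumptions.

```javascript
// Added example: simplified model of the browser's CORS check for a
// cross-origin GET. Preflight requests are out of scope.
const PAGE_ORIGIN = "https://app.example"; // assumed origin of the main page (constructed)
const NAV_URL = "https://website-static-content.onrender.com/oregon.public.law/children-nav/statutes/ors_chapter_320";

function corsCheck({ pageOrigin, url, responseHeaders = {}, mode = "cors", credentials = false }) {
  // Opening the URL in the address bar is a navigation, not a fetch: no CORS check.
  if (mode === "navigate") return { allowed: true, reason: "top-level navigation" };
  if (new URL(url).origin === pageOrigin) return { allowed: true, reason: "same origin" };

  // Header names are case-insensitive, so normalise them before lookup.
  const headers = new Map(
    Object.entries(responseHeaders).map(([k, v]) => [k.toLowerCase(), String(v).trim()])
  );
  const acao = headers.get("access-control-allow-origin");
  if (acao === undefined) return { allowed: false, reason: "no Access-Control-Allow-Origin" };

  if (acao === "*") {
    // The wildcard never satisfies a request that carries cookies or HTTP auth.
    return credentials
      ? { allowed: false, reason: "wildcard rejected for credentialed request" }
      : { allowed: true, reason: "wildcard" };
  }
  // Otherwise the value must equal the requesting page's origin exactly.
  if (acao !== pageOrigin) return { allowed: false, reason: "origin mismatch" };
  if (credentials && headers.get("access-control-allow-credentials") !== "true") {
    return { allowed: false, reason: "credentials not allowed" };
  }
  return { allowed: true, reason: "exact origin match" };
}

// Constructed response header sets for the situations in this thread.
const scenarios = {
  "no header, fetched by page": { responseHeaders: {} },
  "no header, opened directly": { responseHeaders: {}, mode: "navigate" },
  "wildcard": { responseHeaders: { "Access-Control-Allow-Origin": "*" } },
  "wildcard + cookies": { responseHeaders: { "Access-Control-Allow-Origin": "*" }, credentials: true },
  "pinned origin": { responseHeaders: { "access-control-allow-origin": PAGE_ORIGIN } },
};

function runScenarios() {
  return Object.fromEntries(
    Object.entries(scenarios).map(([name, s]) =>
      [name, corsCheck({ pageOrigin: PAGE_ORIGIN, url: NAV_URL, ...s })])
  );
}

console.table(runScenarios());
```
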
