Access to XMLHttpRequest has been blocked by CORS policy


When you try to login to your site, you get no error message from the login screen but you still can't access your applications

If you press F12 in your browser, you can see the following error messages in the console:

Access to XMLHttpRequest at ... from origin ... has been blocked by CORS policy. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested source.



The request is being blocked by CORS policy. For example, when you type the following URL:

You get the error described above.

The server firewall settings are configured to forward data from internal port 80 to external requests coming from port 8009.


By default, the IIS settings are bind to forward data to port 80. 


The internal and external port of your GpsGate server URL should be the same. In our example the solution comes from:

1. Change the firewall settings to forward data from 8009 to an internal 8009 port.


2. Change the IIS settings to be bound to the port 8009 or a port that matches the external port.

2.1 Open your IIS manager and select the Default Site > Bindings


2.2 Change the default port from 80 to your custom port, in our example, 8009. 


2.3. Perform 'iisreset' from the command line to apply the changes.