CORS Missing Allow Origin when fetching /connect/token

When I am using Curl with my new application, I can successfully obtain a token and convert a word doc. However, when doing so from any server, using the same parameters, I am running into “CORS Missing Allow Origin” when trying to get the token. I have added the domains to the application’s CORS Origin URLs, e.g. and http://localhost:3000 so it should work.

Referrer Policy: strict-origin-when-cross-origin

And here are the request headers for the token request-- any help would be appreciated. Thanks!

OPTIONS /connect/token HTTP/2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:108.0) Gecko/20100101 Firefox/108.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://localhost:3000/
Origin: http://localhost:3000
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

I have tested the scenario using the following cURL command without any issue. Hopefully, it will help you to accomplish the task.

curl -H "Origin: http://localhost:3000/" -X POST "" -d "grant_type=client_credentials&client_id=xxxx-xxxx-xxxx-xxxx-xxxxxxxxx&client_secret=xxxxxxxxxxxxxxxxxxxxxx" -H "Content-Type: application/x-www-form-urlencoded" -H "Accept: application/json"

As I said, I already had it working with curl. Using curl does not cause the issue because curl does not have security related to CORS-- but calling the API from any web browser will cause the issue.

I know we can get around this by using a proxy, but I was hoping since the Aspose Dashboard asks for CORS Origin Urls, the server would include the necessary CORS headers to work with standard fetch in Node.js. Thanks, anyways-

Browser error-- aspose server response is missing required headers:

cors_missing_headers_from_aspose_server_040423.png (9.3 KB)

Aspose dashboard CORS Origin Urls:

cors_missing_headers_from_aspose_server_040423_Dashboard_settings.png (72.7 KB)

Per Mozilla-- Reason: CORS header 'Access-Control-Allow-Origin' missing - HTTP | MDN

The response to the CORS request is missing the required Access-Control-Allow-Origin header, which is used to determine whether or not the resource can be accessed by content operating within the current origin. I would appreciate your help! Thanks!
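Added example (not part of the thread and not Aspose code): a simplified version of the check a browser applies to a preflight response, run on the OPTIONS request headers posted above and on constructed response headers. The function names and the sample responses are assumptions made for illustration; only the method, Content-Type and the headers shown are modelled, and credentialed requests are not.

```javascript
// Added example: simplified browser-side CORS preflight check, not Aspose code.
const SAFE_TYPES = ["application/x-www-form-urlencoded", "multipart/form-data", "text/plain"];
const SAFE_METHODS = ["get", "head", "post"];
const list = (v) => (v || "").split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);

// Parse "Name: value" lines into a map keyed by lowercase header name.
function parseHeaders(text) {
  const h = {};
  for (const line of text.split("\n")) {
    const i = line.indexOf(":");
    if (i > 0) h[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return h;
}

// Does a fetch() with this method and Content-Type trigger an OPTIONS preflight?
function needsPreflight(method, contentType) {
  const essence = (contentType || "").split(";")[0].trim().toLowerCase();
  return !SAFE_METHODS.includes(method.toLowerCase()) || (essence !== "" && !SAFE_TYPES.includes(essence));
}

// Returns the reason the browser blocks the request, or null if the preflight passes.
function checkPreflight(req, status, res) {
  const acao = res["access-control-allow-origin"];
  if (acao === undefined) return "CORS Missing Allow Origin";
  if (acao !== "*" && acao !== req["origin"]) return "Allow-Origin does not match Origin";
  if (status < 200 || status > 299) return "preflight status is not 2xx";
  const method = (req["access-control-request-method"] || "").toLowerCase();
  const methods = list(res["access-control-allow-methods"]);
  if (!SAFE_METHODS.includes(method) && !methods.includes(method) && !methods.includes("*"))
    return "method not allowed";
  const headers = list(res["access-control-allow-headers"]);
  for (const name of list(req["access-control-request-headers"]))
    if (!headers.includes(name) && !headers.includes("*")) return `header ${name} not allowed`;
  return null;
}

// CORS-relevant subset of the preflight request headers posted in the thread.
const PREFLIGHT = parseHeaders(`Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: http://localhost:3000`);
// Constructed responses (not captured from any server): without and with CORS headers.
const NO_CORS = parseHeaders("Content-Length: 0");
const WITH_CORS = parseHeaders(`Access-Control-Allow-Origin: http://localhost:3000
Access-Control-Allow-Methods: POST
Access-Control-Allow-Headers: content-type`);

console.log(checkPreflight(PREFLIGHT, 200, NO_CORS), checkPreflight(PREFLIGHT, 200, WITH_CORS));
```

The allowed origin is compared as an exact string, so a value with a trailing slash does not match the `Origin` a browser sends. A POST whose only non-default header is a form-encoded Content-Type skips the preflight, but the browser still requires Access-Control-Allow-Origin on the actual response before script can read it.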

Thanks for the additional information. We have logged a ticket (PLATFORM-1320) for further investigation and rectification. We will keep you updated about the issue resolution progress within this forum thread.

This is a problem I’m having as well. In the application’s dashboard one can set the CORS origin header, but this setting does not affect the /connect/token endpoint, which is a core functionality since you need it to create a token in a browser. Without this, some sort of internal proxy server is needed that prevents the CORS check made by the browser on this endpoint.


We are sorry for the inconvenience. We have already logged a ticket to resolve the above reported issue. We will notify you as soon as we fix it.