Sudden CORS Error – “No ‘Access-Control-Allow-Origin’ Header” (WebDev doOptions)

Tburgess · February 23, 2026, 6:40am

Howdy,

I have an Ignition WebDev API that is being called from a separate frontend built with React/NextJS.

This was working fine previously using my doOptions implementation, but when I tested again today, I started getting a CORS policy error stating that no Access-Control-Allow-Origin header is present on the response.

Here is my current doOptions code:

def doOptions(request, session):
    servletResponse = request["servletResponse"]
    servletResponse.addHeader("Access-Control-Allow-Origin", "*")
    servletResponse.addHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE")
    servletResponse.addHeader("Access-Control-Allow-Headers", "Content-Type, Authorization")
    servletResponse.addHeader("Access-Control-Max-Age", "3600")
    servletResponse.setStatus(200)
    return None

I’m not sure what else I should add or check to resolve this. Has anyone run into this before or know what might cause the headers to suddenly stop being included?

Thanks in advance for any help!

paul-griffith · February 23, 2026, 4:18pm

Any reverse proxy or anything in front of the servlet?
Did you recently upgrade Ignition or change your install base in some way?
Is your options method even being called?
- If you add logging to the Python code, do you get any output?
- If you do an OPTIONS request using a tool like curl, do you get the expected output?

Tburgess · February 24, 2026, 12:27am

No reverse proxy in place
Nothing has changed with my Ignition install
interestingly enough, nothing is showing up in my logs when I add them to my doOptions
when I do curl -X OPTIONS [my_endpoint] -i in my terminal I get this in my terminal

HTTP/1.1 200 OK
Date: Tue, 24 Feb 2026 00:23:50 GMT
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS
Content-Length: 0

paul-griffith · February 24, 2026, 2:44am

Inheritable project? Are changes in your GET or POST method reflected if you curl?

Tburgess · February 24, 2026, 6:01am

Not inheritable, but I just fixed it? I don’t know what really caused it, but this morning I disabled the doOptions, saved the project, and then I reenabled it and saved again, and then suddenly it works again like it did originally. So I guess this is solved now? Confusing to say the least. Thanks for the help as always though!

paul-griffith · February 24, 2026, 7:47pm

Well, I'll take it, even if it's not a very satisfying conclusion. Hopefully it doesn't crop up again.