Skip to content

Why does my http://localhost CORS origin not work?

I am stuck with this CORS problem, even though I set the server (nginx/node.js) with the appropriate headers.

I can see in Chrome Network pane -> Response Headers:


which should do the trick.

Here’s the code that I now use to test:

var xhr = new XMLHttpRequest();
xhr.onload = function() {
   console.log('xhr loaded');
};'GET', '');

I get

XMLHttpRequest cannot load Origin http://localhost is not allowed by Access-Control-Allow-Origin.

I suspect it’s a problem in the client script and not server configuration…



Chrome does not support localhost for CORS requests (a bug opened in 2010, marked WontFix in 2014).

To get around this you can use a domain like (which points at just like localhost) or start chrome with the --disable-web-security flag (assuming you’re just testing).