CORS header ‘Access-Control-Allow-Origin’ cannot be set

Hello everybody,

I´m trying to access a WMS from Everything is working fine, when i use a browser extension that disables CORS errors, but as soon as I deactivate it i get the following error:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

So, I´ve tried to set the missing header:

new WebMapServiceImageryProvider({
url: new Resource({
headers: {
‘access-control-allow-origin’: ‘’,
layers: ‘PD.StatisticalDistribution’,

But the behaviour of setting access-control-allow-origin is rather unexpectable, because it set´s the following header:

Access-Control-Request-Headers: access-control-allow-origin

which makes every single request invalid…

I hope that someone can help me out! looking forward for any ideas.

Thank you


The ‘Access-Control-Allow-Origin’ header needs to be enabled in the configuration of the WMS server itself. If it’s a 3rd party service you likely won’t have control over it, or perhaps you could submit a request to the provider. There’s not much else you can do from your end but use the browser extension to bypass that header check.

Hi @Corey,

thank you for your replay.
I am already working on a proxy to bypass this problem.