CORS header ‘Access-Control-Allow-Origin’ cannot be set

Hello everybody,

I´m trying to access a WMS from statistik.at. Everything is working fine, when i use a browser extension that disables CORS errors, but as soon as I deactivate it i get the following error:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www.statistik.at/gs-inspire/VIEW_PD_POPREG_500M/ows?SERVICE=WMS&VERSION=1.3.0&service=WMS&version=1.1.1&request=GetMap&styles=&format=image%2Fjpeg&layers=PD.StatisticalDistribution&bbox=90%2C0%2C180%2C90&width=256&height=256&srs=EPSG%3A4326. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

So, I´ve tried to set the missing header:

new WebMapServiceImageryProvider({
url: new Resource({
url:
‘https://www.statistik.at/gs-inspire/VIEW_PD_POPREG_500M/ows?SERVICE=WMS&VERSION=1.3.0’,
headers: {
‘access-control-allow-origin’: ‘www.statistik.at’,
},
}),
layers: ‘PD.StatisticalDistribution’,
});

But the behaviour of setting access-control-allow-origin is rather unexpectable, because it set´s the following header:

Access-Control-Request-Headers: access-control-allow-origin

which makes every single request invalid…

I hope that someone can help me out! looking forward for any ideas.

Thank you

Simon,

The ‘Access-Control-Allow-Origin’ header needs to be enabled in the configuration of the WMS server itself. If it’s a 3rd party service you likely won’t have control over it, or perhaps you could submit a request to the provider. There’s not much else you can do from your end but use the browser extension to bypass that header check.

Hi @Corey,

thank you for your replay.
I am already working on a proxy to bypass this problem.