Questions tagged [cross-origin-read-blocking]

Cross-Origin Read Blocking (CORB) is a mechanism by which browsers block access to a resource which appears inappropriate for the context in which frontend code is trying to use the resource (for example, a `

Cross-Origin Read Blocking (CORB) is a security feature implemented in browsers that mitigates certain attacks by blocking access to resources which appear inappropriate for the context in which frontend code is trying to use the resource.

For example, XSSI is the technique of pointing a <script> tag at a target resource which is not JavaScript, and observing some side effects when the resulting resource (e.g. a JSON document) is interpreted as JavaScript. CORB prevents the browser from executing, as a script, documents with an application/json MIME type.

See also:

245 questions
181
votes
15 answers

Cross-Origin Read Blocking (CORB)

I have called third party API using Jquery AJAX. I am getting following error in console: Cross-Origin Read Blocking (CORB) blocked cross-origin response MY URL with MIME type application/json. See…
Jignesh
  • 1,839
  • 2
  • 8
  • 5
36
votes
3 answers

How to make a cross-origin request in a content script (currently blocked by CORB despite the correct CORS headers)?

I am developing a Chrome extension which makes requests from certain websites to an API I control. Until Chrome 73, the extension worked correctly. After upgrading to Chrome 73, I started getting the following error: Cross-Origin Read Blocking…
16
votes
2 answers

How to avoid Cross-Origin Read Blocking(CORB) in a chrome web extension

I wrote a chrome web extension to avoid CORS limitation when developing my own web apps. The extension is a developers' tool and used to proxy the request from the source url to the dest url. The extension core code like this, thus developers can…
13
votes
1 answer

CORB blocking dynamic AdSense advertisements

I have a server-side rendered Angular application in which I'm using ng2-adsense to display AdSense ads on certain routes. I've noticed that most of the time (not all of the time), my ads don't display and I get warnings in the Chrome Dev Console…
Jack Guy
  • 8,346
  • 8
  • 55
  • 86
11
votes
2 answers

Chrome CORB blocking APIGateway lambda request

What works I have a simple word game I've built. It works great. One thing users have requested is a word validity check. I am running the oxford dictionary api on an AWS Lambda Proxy/Node.js end-point, which works great when I access the APIGateway…
Radio
  • 2,810
  • 1
  • 21
  • 43
9
votes
0 answers

Google maps api: Cross-Origin Read Blocking (CORB) blocked cross-origin response

I'm trying to perform a simple GET request to the google maps API, but my browser keeps blocking the response. I'm getting the following warning in my console: Cross-Origin Read Blocking (CORB) blocked cross-origin response…
8
votes
2 answers

How To Solve This Problem : Cross-Origin Read Blocking (CORB) blocked cross-origin response

Warning is : jquery-1.9.1.js:8526 Cross-Origin Read Blocking (CORB) blocked cross-origin response https://www.metaweather.com/api/location/search/?query=lo with MIME type application/json. See https://www.chromestatus.com/feature/5629709824032768…
Smit Pipaliya
  • 327
  • 1
  • 8
  • 18
8
votes
1 answer

Ajax call bug with Chrome new version 73.0.3683.75?

My code was working fine before the Chrome update. I make an ajax call to my server. My server receives the call, returns JSON to the client, but the answer is always empty. When I look in Fiddler I get an answer from the server. I try with JQuery,…
7
votes
1 answer

Can anyone show me how to eliminate Cross-Origin Read Blocking (CORB) error when using a tracking pixel?

I am not sure why I am getting a CORB error when trying to use a tracking pixel. I thought that these errors do not occur if images are served back and the content type is an image (gif or jpeg). The exact error is: Cross-Origin Read Blocking (CORB)…
6
votes
2 answers

Chrome extensions CORB: How to react to updates in the shared DOM

Trying to build a chrome extension content script that adds an extra useful nav to a GitHub issue page. When interaction is done through the normal webpage (the end user click an reaction emoji) - my injected element gets lost. The only way I have…
6
votes
2 answers

CORB OPTIONS Requests Blocked in Chrome 73

It appears that in a recent Chrome release, (or at least recently when making calls to my API --- haven't see it until today), Google is throwing warnings about CORB requests being blocked. Cross-Origin Read Blocking (CORB) blocked cross-origin…
Crayons
  • 1,906
  • 1
  • 14
  • 35
6
votes
1 answer

Getting Cross-Origin Read Blocking (CORB) error with WooCommerce PayPal Gateway

I'm using the WooCommerce PayPal Checkout Gateway and I just noticed that when I load the checkout page where the PayPal payment option appears I am getting this in my console: Cross-Origin Read Blocking (CORB) blocked cross-origin response …
Brett
  • 19,449
  • 54
  • 157
  • 290
5
votes
1 answer

Disable Cross-Origin Read Blocking (CORB) in brave browser

I am serving static content (html, css and js) using lighttpd. I want to call api from a server hosted on the localhost using a wsgi application with python. I am getting the following error when I am trying to call the api from frontend (using…
Tahlil
  • 1,031
  • 1
  • 14
  • 26
5
votes
1 answer

How to disable CORB in Chrome 74+

I want to debug a local dev environment issue potentially caused by CORB in Chrome 74. I want to see if - when I swith off CORB - the issue goes away. The according Google developer docs say that You can confirm if a problem is due to CORB by…
Robert
  • 1,710
  • 2
  • 18
  • 35
5
votes
1 answer

Trying to Convert jQuery ajax to ES6 fetch

In an effort to not use jQuery (if ajax is all I need it for) I have the following ajax call that works like a champ. $.ajax({ type: "POST", url: "/Tests/EEG/Portable/Index?handler=Testing", beforeSend: function (xhr) { …
Grandizer
  • 2,819
  • 4
  • 46
  • 75
1
2 3
16 17