# CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource

### Problem and Symptoms <a href="#corspolicy-noaccesscontrolalloworiginheaderispresentontherequestedresource.-problemandsymptoms" id="corspolicy-noaccesscontrolalloworiginheaderispresentontherequestedresource.-problemandsymptoms"></a>

All of a sudden, starting August 5, 2021, the spell checking service stopped working despite the fact that previous it worked properly. There are CORS errors in browser console and failed request observed in network tabs.

**Affected products/integrations**: WProofreader add-on for RTEs, WProofreader plugin for CKEditor 5, SCAYT and Spell Check Dialog (WSC) plugins for CKEditor 4 untilizing the Cloud version.

Here is an example of an error thrown in the browser console:

```javascript
Access to XMLHttpRequest at '' 
from origin '' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. 

wscbundle.js?_=1628087864273:40 The WebSpellChecker Service is currently unavailable. 
POST  net::ERR_FAILED
```

### Root cause <a href="#corspolicy-noaccesscontrolalloworiginheaderispresentontherequestedresource.-rootcause" id="corspolicy-noaccesscontrolalloworiginheaderispresentontherequestedresource.-rootcause"></a>

Effective August 5, 2021, we introduced the security update/improvement for all cloud services that restrics the access to the service over HTTP. Technically, all the requests to HTTP are redirected to HTTPS. It works properly for static web content and direct API requests but not for API requests originated from other originals which are blocked by cross-origin resource sharing (CORS) policy.

### Solution <a href="#corspolicy-noaccesscontrolalloworiginheaderispresentontherequestedresource.-solution" id="corspolicy-noaccesscontrolalloworiginheaderispresentontherequestedresource.-solution"></a>

To solve the issue, the service resources must be loaded via HTTPS. Thus, the updates in the configuration of the service are required. It doesn't mean that you need to change the configuration of your website or web app to HTTPS right away. However, it is highly recommended as a modern best practice to ensure data security, integrity and privacy.

**SCAYT plugin for CKEditor 4**

If you are using the plugins for CKEditor 4, please add the **scayt\_srcUrl** (for SCAYT) to CKEditor **config.js** along with the rest settings that will load the plugin resources via HTTPS.

```javascript
// for SCAYT
config.scayt_srcUrl ='https://svc.webspellchecker.net/spellcheck31/wscbundle/wscbundle.js';
```

**WProofreader add-on for RTEs**

In case of WProofreader integration, just load **wscbundle.js** script over HTTPS.

```javascript
<script type="text/javascript" src="https://svc.webspellchecker.net/spellcheck31/wscbundle/wscbundle.js"></script>
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.wproofreader.com/v6.12.0/troubleshooting/client-side/cors-policy-no-access-control-allow-origin-header-is-present-on-the-requested-resource.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.