# CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource

### Problem and Symptoms <a href="#draft-corspolicy-noaccesscontrolalloworiginheaderispresentontherequestedresource.-problemandsymptoms" id="draft-corspolicy-noaccesscontrolalloworiginheaderispresentontherequestedresource.-problemandsymptoms"></a>

All of a sudden, starting August 5, 2021, the proofreading service stopped working despite the fact that previous it worked properly. There are CORS errors in the browser console and failed requests observed in network tabs.

**Affected products/integrations**: WProofreader add-on for RTEs, WProofreader plugin for CKEditor 5, SCAYT plugin for CKEditor 4 utilizing the Cloud version.

Here is an example of an error thrown in the browser console:

```javascript
Access to XMLHttpRequest at '' 
from origin '' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. 

wscbundle.js?_=1628087864273:40 The WebSpellChecker Service is currently unavailable. 
POST  net::ERR_FAILED
```

### Root cause <a href="#draft-corspolicy-noaccesscontrolalloworiginheaderispresentontherequestedresource.-rootcause" id="draft-corspolicy-noaccesscontrolalloworiginheaderispresentontherequestedresource.-rootcause"></a>

Effective August 5, 2021, we introduced the security update/improvement for all cloud services that restrict access to the service over HTTP. Technically, all the requests to HTTP are redirected to HTTPS. It works properly for static web content and direct API requests but not for API requests originated from other originals which are blocked by the cross-origin resource sharing (CORS) policy.

### Solution <a href="#draft-corspolicy-noaccesscontrolalloworiginheaderispresentontherequestedresource.-solution" id="draft-corspolicy-noaccesscontrolalloworiginheaderispresentontherequestedresource.-solution"></a>

To solve the issue, the service resources must be loaded via HTTPS. Thus, updates in the configuration of the service are required. It doesn't mean that you need to change the configuration of your website or web app to HTTPS right away. However, it is highly recommended as a modern best practice to ensure data security, integrity, and privacy.

**SCAYT plugin for CKEditor 4**

If you are using the SCAYT plugin for CKEditor 4, please add the **scayt\_srcUrl** to CKEditor **config.js** along with the rest settings that will load the plugin resources via HTTPS.

```javascript
config.scayt_srcUrl ='https://svc.webspellchecker.net/spellcheck31/wscbundle/wscbundle.js';
```

**WProofreader add-on for RTEs**

In the case of WProofreader integration, just load the **wscbundle.js** script over HTTPS.

```javascript
<script type="text/javascript" src="https://svc.webspellchecker.net/spellcheck31/wscbundle/wscbundle.js"></script>
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.wproofreader.com/v6.12.0/troubleshooting/server-side-backend/cors-policy-no-access-control-allow-origin-header-is-present-on-the-requested-resource.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.