Welcome to the Panopto Community

Please note: All new registrants to the Panopto Community Forum must be approved by a forum moderator or admin. As such, if you navigate to a feature that is members-only, you may receive an error page if your registration has not yet been approved. We apologize for any inconvenience and are approving new members as quickly as possible.

Javascript Web App CORS Error

Hello, I am planning to write a very simple Javascript web app that will retrieve some info about a video given the video ID. When running a test call to the API using a local testing server, I run into the following error when I make an HTTP request to the Session API after receiving an access token:

"Access to fetch at 'https://boisestate.hosted.panopto.com/Panopto/api/v1/sessions/01e0cd15-a458-433b-a2dd-aa6301026549' from origin 'http://localhost:8000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header has a value 'https://boisestate.hosted.panopto.com' that is not equal to the supplied origin. Have the server send the header with a valid value, or, if an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled."

Here are the settings for the API client:

Thanks in advance for any help you can provide.


  • Options
    Joe MalmstenJoe Malmsten Panopto Employee

    Hi Chas,

    There is a setting that one of your Panopto administrators should be able to access to add additional allowed cross-origin request domains. The setting is under System->Settings->Security - API - Allowed API Origins. This should be a list of domains that are allowed to make cross-origin calls from a browser to the Panopto API, with each domain separated by a space.

    Can you have one of your Panopto admins add your testing domain to this setting, and see if that fixes the CORS error?

    If this does not resolve the issue, or if you have any other questions, please let me know.



Sign In or Register to comment.