No 'Access-Control-Allow-Origin' header is present on the requested resource

Issue

You are seeing an error in the build console:

Access to XMLHttpRequest at "https://JENKINS_URL/SOME_REQUEST" from "https://JENKINS_URL/" has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.▼

Environment

CloudBees CI (CloudBees Core)
CloudBees CI (CloudBees Core) on modern cloud platforms - Managed controller
CloudBees CI (CloudBees Core) on traditional platforms - Client controller
CloudBees Jenkins Enterprise
CloudBees Jenkins Enterprise - Managed controller
Jenkins LTS

Resolution

We can see from the error message that Jenkins is calling an HTTP endpoint from an HTTPS origin. The first question to ask yourself is whether this is expected. Is SSL implemented correctly? If not, please change the Jenkins URL in Manage Jenkins -→ Configure Systems to HTTP until SSL is ready to use.

Workaround

Use the CORS Filter Plugin to include the additional origins.

References

Cross-origin resource sharing

This article is part of our Knowledge Base and is provided for guidance-based purposes only. The solutions or workarounds described here are not officially supported by CloudBees and may not be applicable in all environments. Use at your own discretion, and test changes in a safe environment before applying them to production systems.