Request header is not allowed by Access-Control-Allow-Headers in preflight response

Hoping someone out there can assist me with this CORS related error I’m receiving.

Access to fetch at ‘n8n-workflow-url’ from origin ‘https-n8n-app’ has been blocked by CORS policy: Request header field noodl is not allowed by Access-Control-Allow-Headers in preflight response.

The error occurs on a self hosted Noodl app on AWS S3/Cloudfront that is communicating with an n8n instance running on AWS ECS. I do not receive the error when triggering the n8n workflow via Noodl locally in the editor. When I remove the authentication header requirement ‘noodl’ from the n8n workflow, I can run the workflow both on Cloudfront and locally in editor.

n8n is running on ECS and I have configured the task definition to allow for the ‘noodl’ header along with other required variables (see below)

Also attaching the Cloudfront Origin Request Policy and Cloudfront Response Headers Policy used for the Noodl app running through a Cloudfront distribution.

Thanks for your support!

It looks like your topic is missing some important information. Could you provide the following if applicable.

  • n8n version:
  • Database (default: SQLite):
  • n8n EXECUTIONS_PROCESS setting (default: own, main):
  • Running n8n via (Docker, npm, n8n cloud, desktop app):
  • Operating system:

Hi @bimm123

Thanks for posting here and welcome to the community! :partying_face:

I am not sure I can recreate the issue you are encountering and whether this is n8n-related.
Are you using a webhook node for this? We introduced the Allowed Origins CORS option in our version 1.19.4

Thanks @ria!

I am indeed using a webhook node and using n8n 1.4.0. However I do not see ‘Allowed Origins CORS’ available to me. Sharing a screenshot of what I do see along with some of my configurations. Thanks for your support!

1 Like

Updating the the latest n8n made that CORS setting available. Everything works after enabling it. Thanks!!

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.