CORS and PDF not loading!

PDF loading can be prevented by many causes. We will discuss some of them here:


Note: CORS access settings may not be available for servers like Google Drive, One Drive, or other file sharing services. They do so to protect their bandwidth. These solutions are possible for servers that are owned by the customers or have access to such settings.

CORS(Cross-Origin Resource Sharing) is common when multiple domains are in use. Modern browser security has gotten stricter and file success between different protocols and domains are restricted by default.

DearPDF uses PDF.js that relies on Ajax requests to fetch PDF files and then render them using HTML5. This is where CORS applies when the PDF file and page, where PDF viewer is added, are in different protocol or domain. You can check if the following conditions are met to see if you have such a situation:

CORS due to improper HTTPS configuration: #

This is a result of improper https redirection. We recommend using the proper setup to redirect every HTTP request to https to avoid any conflict.

CORS due to multiple domain usage: #

If you are using the file from another domain, make sure you have a proper CORS setup done in another domain. Example: PDF viewer is added in while the PDF used is from

For Apache Server, add following lines in .htaccess file

Header set Access-Control-Allow-Origin "*" 
Header set Access-Control-Allow-Headers "Range" 
Header set Access-Control-Expose-Headers: "Accept-Ranges, Content-Encoding, Content-Length, Content-Range"

More Info:

Related messages: CROSS ORIGIN!! Error: Cannot access file!

Leave a Reply

Your email address will not be published.