Skip to main content
Cross-Origin Resource Sharing (CORS) is an HTTP-header based security feature that allows a server to indicate which domains, schemes or ports a browser should accept content from. When a browser-based app, by default, only loads content from the same origin as the original request, CORS errors can appear if the responses come from a different origin. Pinecone’s current implementation of CORS can cause this mismatch and display the following error:
console
No 'Access-Control-Allow-Origin' header is present on the requested resource.
This error occurs in response to cross-origin requests. Most commonly, it occurs when a user is running a local web server with the hostname localhost, which Pinecone’s Same Origin Policy (SOP) treats as distinct from the IP address of the local machine. To resolve this issue, host your web server on an external server with a public IP address and DNS name entry.

About Localhost (running a web server locally)

Localhost is not inherently a problem. However, when running a web server on a local machine (e.g., laptop or desktop computer), using “localhost” as the hostname can cause issues with cross-origin resource sharing (CORS). The reason for this is that the Same-Origin Policy (SOP) enforced by web browsers treats “localhost” as a different origin than the actual IP address of the machine. For example, if a web application running on “localhost” makes a cross-origin request to a server running on the actual IP address of the machine, the browser will treat it as a cross-origin request and enforce the SOP. To allow cross-origin requests between “localhost” and the actual IP address of the machine, the server needs to explicitly allow them by including the appropriate CORS headers in its response. However, as mentioned earlier, running a web server on a local machine can present security risks and is generally not recommended for production use. Therefore, while “localhost” itself is not a problem, using it as the hostname for a web server can cause CORS issues that need to be properly addressed. Additionally, running a web server on a local machine should be done with caution and only for development or testing purposes, rather than for production use.