MATLAB Answers


My domain is blocked by CORS policy: No 'Access-Co​ntrol-Allo​w-Origin' header is present on the requested resource.

Asked by jM Desmon on 20 Oct 2019
Latest activity Commented on by jM Desmon on 28 Oct 2019
Since this week I cannot add a talkback command using Javascript/Ajax. I get the following error in my web browser (Chrome)
Access to XMLHttpRequest at ''
from origin '' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
However the same code was working perfectly 2 weeks ago. It seems that my website is blocked on ThingSpeak.
When I try to submit the same command using CUIRL it works (from my PC).
curl -X POST -d "command_string=ON&position=1"
Here is the Javascript code I use:
type: 'POST',
url: ''+newState+'&position=1',
crossDomain : true,
success: function(data) {


Can you tell us more about the use case -- why is the web browser posting commands to talkbacks?
Talkbacks are primarily intended for use by devices. The CORS policy we have prevents this use from a web browser which does some additional validation on the client side when making the requests. We can look into putting in headers to prevent the browser from doing these checks depending on the use case.
I use talkback commands to remotely switch on/off my boiler. I use a web page to send commands. How can I work around this issue?

Sign in to comment.

1 Answer

Answer by Vinod
on 23 Oct 2019
 Accepted Answer

On further investigation, it appears that there is a difference between your AJAX code and the CURL command:
AJAX request is:
CURL request is -d "command_string=ON&position=1
Note the difference "apikey" v/s "api_key".
Can you please modify your AJAX request to use api_key and try again?

  1 Comment

You are totally right. I didn't note this difference. I just modified the AJAX request with api_key and it works. I do not understand why but it works. Thank you very much.

Sign in to comment.