Access to external resource blocked by CORS policy

[andrewplummer]

When trying to test prerender I get a failure with the following error:

019-08-26T11:15:21.130Z { source: 'javascript',
  level: 'error',
  text:
   'Access to font at \'https://fonts.gstatic.com/s/montserrat/v14/JTURjIg1_i6t8kCHKm45_cJD3gnD_vx3rCs.woff2\' from origin \'http://localhost:2200\' has been blocked by CORS policy: Request header field x-prerender is not allowed by Access-Control-Allow-Headers in preflight response.',
  timestamp: 1566818121129.915,
  url: 'http://localhost:2200/experience/play' }
2019-08-26T11:15:21.131Z - 0 https://fonts.gstatic.com/s/montserrat/v14/JTURjIg1_i6t8kCHKm45_cJD3gnD_vx3rCs.woff2
2019-08-26T11:15:21.131Z { source: 'network',
  level: 'error',
  text: 'Failed to load resource: net::ERR_FAILED',
  timestamp: 1566818121130.127,
  url:
   'https://fonts.gstatic.com/s/montserrat/v14/JTURjIg1_i6t8kCHKm45_cJD3gnD_vx3rCs.woff2',
  networkRequestId: '1000027665.19' }

Google fonts isn't mission critical for render, however I am also loading content dynamically from a CMS (https://contentful.com) that is. Metadata and all content is loaded here. If the policy can't be bypassed then prerender is effectively useless for my use case. I'm not an expert on CORS here, if this is only an issue for localhost then this may not be a problem, however if the same thing would happen on production then it would be a problem.

Any recommendations?

[andrewplummer]

Note that removing X-Prerender in setExtraHttpHeaders did in fact fix the issue for me here.

[jackmoore]

I had the same issue and resolved it the same way. Is there a way to remove the x-prerender header without changing those lines in sendPrerenderHeader.js?

[deepakgonda]

I had the same issue and resolved it the same way. Is there a way to remove the x-prerender header without changing those lines in sendPrerenderHeader.js?

@jackmoore You can comment this line in server.js

// server.use(prerender.sendPrerenderHeader());