Fix: CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Also fixes "The Canvas has been tainted by cross-origin data" with scripts


  1. Navigate to your Storage provider's CORS settings page.
  2. Set the allowed origin to your domain name.


Allowed originsAllowed MethodsAllowed headersExposed headersMax Age

Azure Example:

For example in Azure search "cors" in storage account and set something like this:

Google Cloud Storage

Instructions can be found here:


Make sure to replace the domain name in the JSON config with your own domain name.

This is not needed for general annotation but is currently needed for automations.