"blocked by CORS policy"

[mparker546]

Access to image at 'https://i.pinimg.com/originals/64/bc/a7/64bca781530a9448a67e8a186dd018aa.jpg' from origin 'https://192.168.123.248:30000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Not sure if this is a me issue or what...

[MrPrimate]

The original author used to run a proxy to allow any image on the internet to be loaded. This proxy is now unavailable. There are security policies called CORS in place which stop other sites from loading content. It's normally a bad idea to run an open CORS proxy. You can run your own if you wish and update the proxy endpoint setting using the developer console command game.settings.set("vtta-tokenizer", "proxy", "<proxy address>").

You can see an example of such proxies at https://github.com/Rob--W/cors-anywhere and https://github.com/VTTAssets/image-proxy.

The alternative is to upload the image to your Foundry server.

[laurieathey]

Is there a way we could fix this for everyone? It's basically killed main use of the mod for me :(

[mparker546]

As an add-on to the above workaround as well, you can manually edit the default proxy in the module settings so you don't have to redefine the server per world. I tested and it works.

[MrPrimate]

As an addendum to this/future splunkers, the easiest way around is to paste the image into Tokenizer. (Right click on image, Copy Image, then Ctrl-V (paste) the image into Tokenizer.) There is a toggle on the left had side that allows paste into Avatar or Token selection.

[chaoticnote]

Is still happening if you try to upload an image URL from , but looks like Copy+Pasting the image works just fine just as MrPrimate says.

[MrPrimate]

Yes, this is because the URL you are targeting has CORS enabled. This is a security feature that stops "hotlinking" this is where you use images from one site on another. Presumable aonprd.com don't want to pay the bandwidth costs for others to use their images on their websites (understandable).