This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 12%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMR%3C/text%3E%3C/svg%3E)
"Access to script at 'http://localhost:4321/temp/manifests.js' from origin ... has been blocked by CORS policy: Permission was denied for this request to access the loopback address space."
The process of building custom applications and tools that interact with Microsoft SharePoint, including SharePoint Online in Microsoft 365.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(32, 36%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJB%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(32, 54%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESN%3C/text%3E%3C/svg%3E)
Could you let me know if you have tried all the suggestions listed below?
Regards
Does NOT WORK, I am very frustrated with Microsoft about this.
Since this behavior is caused by Chromium’s Private/Local Network Access enforcement: a SharePoint-hosted page (public origin) is blocked from loading SPFx debug assets from localhost (loopback), so the browser stops the request before normal CORS headers can help.
You can try the below approach:
localhost. GetClientSideComponents) to avoid Dev Proxy blocking the workbench.Link references:
https://github.com/SharePoint/sp-dev-docs/issues/10572
https://www.spguides.com/set-up-development-environment-for-sharepoint-framework/
Note: This information is provided as a convenience to you. These sites are not controlled by Microsoft, and Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please ensure that you fully understand the risks before using any suggestions from the above link.
Regards
Thank you for reaching out to Microsoft Q&A forum
This is a well-known behavior caused by Private Network Access (PNA) enforcement in Chromium-based browsers (Edge, Chrome). The browser blocks the SharePoint-hosted workbench (a public origin) from fetching your local manifests.js served on localhost:4321, because it considers that a request from a public network to a private/loopback address.
Therefore, in this situation, you can use gulp serve with --nobrowser and test directly on a real SharePoint page, this is the officially supported approach going forward:
gulp serve --nobrowser
Then navigate to any modern SharePoint page and append this query string:
?loadSPFX=true&debugManifestsFile=https://localhost:4321/temp/manifests.js
For example:
https://yourtenant.sharepoint.com/sites/yoursite/SitePages/Home.aspx?loadSPFX=true&debugManifestsFile=https://localhost:4321/temp/manifests.js
SharePoint will prompt you to allow loading debug scripts and click "Load debug scripts". This works because the request to localhost originates from a user action/permission prompt, not an automatic cross-origin fetch.
Hope my answer will help you.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
It has been a while and I am writing to see how things are going with this issue.
Have you had a chance to check the replies provided?
Any update would be appreciated.
Still doesn't work. Has Microsoft fixed this issue yet?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(19.2, 79%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAN%3C/text%3E%3C/svg%3E)
I am getting this exact same issue after updating a SPFx solution from 1.7.1 to 1.21.1 and running gulp serve --nobrowser.
Navigating to "_layouts/15/workbench.aspx" or any modern SharePoint page throws the same error, so neither options seems to work anymore.
Access to script at 'https://localhost:4321/temp/build/manifests.js' from origin 'https://contoso.sharepoint.com' has been blocked by CORS policy: Permission was denied for this request to access the
loopbackaddress space.
Found this similar question here with a solution: https://github.com/SharePoint/sp-dev-docs/issues/10487
You need to allow enable "local network access" (Chrome) and in Edge it looks like its called "Apps on device" or at least it worked after I enabled it.
Screenshot from Github which looks to be Chrome:
Screenshot from Edge:
The error is caused by the browser blocking access to http://localhost:4321 (loopback) while trying to load the SPFx debug manifests for the workbench/modern page.
Workaround for SharePoint developers:
heft start --nobrowser
?loadSPFX=true&debugManifestsFile=https://localhost:4321/temp/build/manifests.js
https://contoso.sharepoint.com/sites/team-a/sitepages/news.aspx?loadSPFX=true&debugManifestsFile=https://localhost:4321/temp/build/manifests.js
devproxyrc.json, exclude the SPFx component API so workbench/debugging can function:
{
"urlsToWatch": [
"!https://*.sharepoint.com/_api/web/GetClientSideComponents*"
// other URLs to watch
]
}
This combination (explicit debug query string plus excluding SPFx workbench APIs from interception) is the supported way to continue debugging SPFx solutions when loopback/CORS restrictions interfere.
References: