I keep being hit by this issue when trying to configure my IPFS node to allow programmatic access to the API.

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:5001/api/v0/add?stream-channels=true. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

The answer is to configure the API permissions of the IPFS configuration.

[code lang=bash gutter=false]

ipfs config --json API.HTTPHeaders.Access-Control-Allow-Origin '[\"*\"]'
ipfs config --json API.HTTPHeaders.Access-Control-Allow-Methods '[\"PUT\", \"GET\", \"POST\"]'

[/code]

IMPORTANT: After making any configuration changes you need to restart the IPFS daemon in order for the new settings to take effect

I had gone wrong as I had been trying to change the GATEWAY.HTTPHeaders instead of API. I also didn't realise I needed to restart the daemon.