Access to localhost was denied | You don't have authorization to view this page. HTTP ERROR 403

Matthew C.

—January 15, 2025

The Problem

When running a local development server for a Node.js app, you may get the following error in your browser:

Access to localhost was denied
You don't have authorization to view this page.
HTTP ERROR 403

This occurs when you don’t have access rights. For example, you would encounter a 403 error when sending a request to a protected API endpoint without the required access token.

The Solution

Let’s address five common reasons you may be denied access to the localhost:

• Authentication: You have an invalid access token or lack the necessary permissions.
• Port availability: You try to access a web server port that is already in use.
• Cross-origin resource sharing (CORS) settings: CORS has not been set up.
• File Permissions: The necessary file permissions have not been enabled.
• Antivirus software: Your firewall or antivirus software may block your access to a port or folder.

Authentication

If your API endpoint requires authentication, check that the access token in your request is correct and that you have the required permissions. For example, an admin-only endpoint would require admin permissions.

Port Availability

To connect to the localhost web server, you need to provide both the IP address and the port number:

127.0.0.1:5000

If the port is already in use, you won’t be able to access your local development server. Check that the port is not being used by another server or application.

If you use port 5000 or 7000 on a machine running macOS version 12 (Monterey) or above, the issue may caused by the macOS AirPlay Receiver, which runs on port 5000. You can fix this problem by using a different port for your local host server or turning off the AirPlay Receiver.

To switch off the AirPlay Receiver:

• Open System Settings.
• Search for AirPlay Receiver in the Settings dialog window.
• Uncheck the box next to AirPlay Receiver.

CORS Settings

If you are using separate frontend and backend repos, you need to configure CORS. To allow cross-origin requests, add the frontend origin to the Access-Control-Allow-Origin header. In an Express app, you can install the cors npm package and add an origin as shown in the code below:

const cors = require("cors");

const corsOptions = {
  origin: 'http://127.0.0.1:5000',
};

app.use(cors(corsOptions));

File Permissions

Your local server may lack file or resource permissions for the current user. In Windows, you can use the following steps to check whether the user running the local web server has the correct permissions to access a folder’s data:

1. Right-click on the folder and select Properties.
2. Open the Security tab and select the user account that your local server is running on.
3. Ensure the correct permissions are checked: Read and Read & Execute.

Antivirus Software

If your access to a port or folder has been blocked by your antivirus software or firewall, you can either use a different port or change your antivirus or firewall settings.

Note

Localhost is the hostname of the IP address that developers use to run a web server on their local computer:

127.0.0.1