HTTP Error3 Fixes Available

CORS Error — Cross-Origin Request Blocked

Access to fetch at 'https://api.example.com' from origin 'https://yoursite.com' has been blocked by CORS policy

What does this error mean?

CORS (Cross-Origin Resource Sharing) is a browser security feature that blocks web pages from making requests to a different domain than the one that served the page. The server must explicitly allow cross-origin requests by sending the correct headers.

Common Causes

The API server does not send Access-Control-Allow-Origin headers
The origin is not whitelisted in the server's CORS configuration
A preflight OPTIONS request is not handled by the server
Credentials (cookies) are being sent but the server doesn't allow them

How to Fix It (3 Solutions)

Add CORS headers in Express

Use the cors npm package to add the required headers.

Code

npm install cors

const cors = require('cors');
app.use(cors({
  origin: 'https://yoursite.com',
  credentials: true,
}));

Add CORS headers in Next.js API routes

Set headers in your Next.js route handler.

Code

export async function GET(request: Request) {
  return new Response(JSON.stringify({ data: 'ok' }), {
    headers: {
      'Access-Control-Allow-Origin': '*',
      'Content-Type': 'application/json',
    },
  });
}

Add CORS headers in Nginx

Configure Nginx to add CORS headers to all responses.

Code

location /api/ {
  add_header 'Access-Control-Allow-Origin' '*';
  add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
  add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type';
}

Related Errors

HTTP

403 Forbidden — Access Denied

View fix

HTTP

401 Unauthorized — Authentication Required

View fix

HTTP

404 Not Found

View fix

Browse all error fixes