Help needed : CORS policy

  • 29 May 2022
  • 5 replies

Userlevel 1

I am trying to send a request to get API response, but CORS policy prevents me, so how can I send a request?  Knowing that I have a business plan 

Access to XMLHttpRequest at '' from origin '' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.



Best answer by mathio 30 May 2022, 10:29

View original

5 replies

Userlevel 7
Badge +5

Hello @Reem_Shamia 

our CORS policy prevents you from making requests to the API from browser. This makes sure you dont leak your personal token to the world. I suggest you make the request server-side in your own API endpoint and only expose the data you want to the world.

I receive a CORS error on my simple form embed:

Access to script at '' from origin '' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.


My source code couldn’t be any simpler:

<div data-tf-widget="ksAsjSWz"></div>

<script src="//"></script>


I also can’t run this on localhost for the same reasons. Please help!

Userlevel 7
Badge +5

Hi @harrygreen Thanks for stopping by the community! I’ve moved your post here where we have an existing conversation about this. 

Thanks @Liz  - I solved my issue by updating the script import to:

<script type="text/javascript" src="//"></script>

I’m using Astro, and I think that was trying to bundle it rather than pass straight through to the browser.

Userlevel 7
Badge +5

Hi @harrygreen Ah thank you so much for sharing - that’s great to know and helpful for anyone else using Astro. Let us know if you run into any other issues!