Skip to main content
Answered

Help needed : CORS policy


Forum|alt.badge.img

I am trying to send a request to get API response, but CORS policy prevents me, so how can I send a request?  Knowing that I have a business plan 

Access to XMLHttpRequest at 'https://api.typeform.com/forms/UzkZtaLj' from origin 'https://auth-new-ed87a.web.app' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

 

Best answer by mathio

Hello @Reem_Shamia 

our CORS policy prevents you from making requests to the API from browser. This makes sure you dont leak your personal token to the world. I suggest you make the request server-side in your own API endpoint and only expose the data you want to the world.

View original

5 replies

mathio
Typeform
Forum|alt.badge.img+5
  • Typeform
  • 888 replies
  • Answer
  • May 30, 2022

Hello @Reem_Shamia 

our CORS policy prevents you from making requests to the API from browser. This makes sure you dont leak your personal token to the world. I suggest you make the request server-side in your own API endpoint and only expose the data you want to the world.


  • Navigating the Land
  • 2 replies
  • October 11, 2023

I receive a CORS error on my simple form embed:

Access to script at 'https://embed.typeform.com/next/embed.js' from origin 'https://www.cleanipedia.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

 

My source code couldn’t be any simpler:

<div data-tf-widget="ksAsjSWz"></div>

<script src="//embed.typeform.com/next/embed.js"></script>

 

I also can’t run this on localhost for the same reasons. Please help!


Liz
Community Team
Forum|alt.badge.img+5
  • Tech Community Advocate
  • 14437 replies
  • October 12, 2023

Hi @harrygreen Thanks for stopping by the community! I’ve moved your post here where we have an existing conversation about this. 


  • Navigating the Land
  • 2 replies
  • October 13, 2023

Thanks @Liz  - I solved my issue by updating the script import to:

<script type="text/javascript" src="//embed.typeform.com/next/embed.js"></script>

I’m using Astro, and I think that was trying to bundle it rather than pass straight through to the browser.


Liz
Community Team
Forum|alt.badge.img+5
  • Tech Community Advocate
  • 14437 replies
  • October 13, 2023

Hi @harrygreen Ah thank you so much for sharing - that’s great to know and helpful for anyone else using Astro. Let us know if you run into any other issues!


Reply