Hello @Reem_Shamia
our CORS policy prevents you from making requests to the API from browser. This makes sure you dont leak your personal token to the world. I suggest you make the request server-side in your own API endpoint and only expose the data you want to the world.
I receive a CORS error on my simple form embed:
Access to script at 'https://embed.typeform.com/next/embed.js' from origin 'https://www.cleanipedia.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
My source code couldn’t be any simpler:
<div data-tf-widget="ksAsjSWz"></div>
<script src="//embed.typeform.com/next/embed.js"></script>
I also can’t run this on localhost for the same reasons. Please help!
Hi @harrygreen Thanks for stopping by the community! I’ve moved your post here where we have an existing conversation about this.
Thanks @Liz - I solved my issue by updating the script import to:
<script type="text/javascript" src="//embed.typeform.com/next/embed.js"></script>
I’m using Astro, and I think that was trying to bundle it rather than pass straight through to the browser.
Hi @harrygreen Ah thank you so much for sharing - that’s great to know and helpful for anyone else using Astro. Let us know if you run into any other issues!