Answered

Help needed : CORS policy

  • 29 May 2022
  • 5 replies
  • 1128 views

Userlevel 1
Badge

I am trying to send a request to get API response, but CORS policy prevents me, so how can I send a request?  Knowing that I have a business plan 

Access to XMLHttpRequest at 'https://api.typeform.com/forms/UzkZtaLj' from origin 'https://auth-new-ed87a.web.app' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

 

icon

Best answer by mathio 30 May 2022, 10:29

View original

5 replies

Userlevel 7
Badge +5

Hello @Reem_Shamia 

our CORS policy prevents you from making requests to the API from browser. This makes sure you dont leak your personal token to the world. I suggest you make the request server-side in your own API endpoint and only expose the data you want to the world.

I receive a CORS error on my simple form embed:

Access to script at 'https://embed.typeform.com/next/embed.js' from origin 'https://www.cleanipedia.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

 

My source code couldn’t be any simpler:

<div data-tf-widget="ksAsjSWz"></div>

<script src="//embed.typeform.com/next/embed.js"></script>

 

I also can’t run this on localhost for the same reasons. Please help!

Userlevel 7
Badge +5

Hi @harrygreen Thanks for stopping by the community! I’ve moved your post here where we have an existing conversation about this. 

Thanks @Liz  - I solved my issue by updating the script import to:

<script type="text/javascript" src="//embed.typeform.com/next/embed.js"></script>

I’m using Astro, and I think that was trying to bundle it rather than pass straight through to the browser.

Userlevel 7
Badge +5

Hi @harrygreen Ah thank you so much for sharing - that’s great to know and helpful for anyone else using Astro. Let us know if you run into any other issues!

Reply