{"id":19,"hash":"fe07b80044551d72cdd337aa92fe098d70f375abc7a7f1820d140135406a8981","pattern":"has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header","full_message":"Access to fetch at 'https://api.example.com/data' from origin 'http://localhost:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.","ecosystem":null,"package_name":null,"package_version":null,"solution":"The API server does not allow cross-origin requests from your origin.\n1. Fix SERVER side: add `Access-Control-Allow-Origin: <origin>` (or `*` for public APIs).\n   - Express: `app.use(cors({ origin: 'http://localhost:3000' }))`.\n   - FastAPI: `app.add_middleware(CORSMiddleware, allow_origins=[...])`.\n   - Next.js Route Handler: set headers in the Response.\n2. Preflight (OPTIONS): ensure the server responds 200/204 to OPTIONS.\n3. For credentials (`credentials: 'include'`), `Access-Control-Allow-Origin` must be a specific origin, not `*`.\n4. Dev-only workaround: use Next.js rewrites or a proxy — never disable CORS in browser with a flag.","confidence":0.95,"source":"mdn","source_url":"https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS","votes":62,"created_at":"2026-04-19T03:24:37.000712+00:00","updated_at":"2026-04-19T03:25:24.788789+00:00"}