Choorai
KO EN

CORS Basics

Learn why cross-origin calls fail and which headers need to be configured.

Core concepts

  • Same-Origin: Same protocol/domain/port
  • CORS: Cross-origin request permission rules
  • Preflight: Browser OPTIONS check before actual request

Why errors happen

Browsers block cross-origin API calls by default. The server must return allowed CORS headers.

Practical checklist

  • Allow frontend origin (e.g., http://localhost:5173)
  • Set allow_methods and allow_headers
  • If using cookies, verify allow_credentials

Troubleshooting

Go to CORS Troubleshooting

Last updated: February 22, 2026 · Version: v0.0.1

Send Feedback

Opens a new issue page with your message.

Open GitHub Issue