CORS issue when frontend tries to send api request to backend

I have a backend running on render. I also have a frontend (static site) running on render. Clicking the frontend link leads to a sign-in page. When I try to sign in, I get this error -
Access to XMLHttpRequest at ‘’ from origin ‘’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

My app.ts file looks like this -

import { Server } from "@overnightjs/core";
import { initDB } from "./models";
import { ApiController } from "./controllers/ApiController";
import * as bodyParser from "body-parser";
import session from "express-session";
import cookieParser  from "cookie-parser";
import * as http from 'http';
import cors from 'cors';

export class App extends Server {
	private close: http.Server;

	constructor() {
		// setting up session
				secret: "secret",
				resave: true,
				saveUninitialized: true,
				cookie: {maxAge: 60 * 1000 * 300},
				rolling: true // reset exipration date with every request

	public start(): void {
		const port = 10000;, res, next) => {
			res.header('Access-Control-Allow-Origin', '*');
			res.header('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept');

		// Enable CORS for all routes;

		// Use the cookie-parser middleware;

		this.close =, () => {
            console.log('Server listening on port: ' + port);


	private applyMiddleWares() {;{ extended: false }));

	private async boostrap() {
		// Connect to db
		await initDB();

	private setupControllers() {
		super.addControllers(new ApiController());

Hi @minhaj2OOO,

It looks like your services have been deleted.

Regarding this issue, one thing to consider in the future is avoiding the use of a wildcard character in the header:

Note: When responding to a credentialed requests request, the server must specify an origin in the value of the Access-Control-Allow-Origin header, instead of specifying the "*" wildcard. (

Please feel free to reach out again if you have any more questions.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.