Access to XMLHttpRequest at ‘https://api.example.com/endpoint’ from origin ‘https://www.example.com’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: Redirect is not allowed for a preflight request
My frontend and backend have both had domains verified. The CORS issue only happens when I have my frontend pointing to the new verified backend subdomain, but it works if pointing to the ‘unverified’ backend Render URL.
Also, since the frontend is the same, my whitelist shouldn’t need any updates or config changes on the backend here. So if it is working when pointing to the Render URL but not the new verified subdomain backend URL, something else might be wrong. Any ideas?
From what you shared, the main issue appears to be:
Redirect is not allowed for a preflight request
Pointing to the preflight request being redirected. You may need to check any redirection code in the app, maybe domain related if that’s where you’re able to reproduce the issue? Or maybe auth/logins are trying to redirect.
Thanks, I was able to solve it. The redirect was happening on Render’s side, although it is more of a feature than a bug. When I entered the domain for my backend, I mistakenly included the ‘www’ (Render might consider removing the pre-populated example in the textbox which uses www for services). Render then automatically creates a redirect from my non-‘www’ service calls to the ‘www’ service calls, which was causing the CORS error.
Simply revalidating my backend domain without the WWW removed the redirect and fixed the issue.
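To confirm this kind of redirect from the command line, the preflight can be sent by hand with redirects left unfollowed. The sketch below is an added example, not code from the thread or from Render. It assumes Node 18+ for the global `fetch`. The names `diagnosePreflight` and `probePreflight` and the sample responses are constructed for illustration.

```javascript
// Classify the response to a manually issued CORS preflight (OPTIONS).
// `headers` is a plain object with lower-case names. Simplified: only the
// status and Access-Control-Allow-Origin are checked, not methods/headers
// or the stricter rules that apply to credentialed requests.
function diagnosePreflight(status, headers, origin) {
  if (status >= 300 && status < 400) {
    // Browsers refuse to follow a redirect on a preflight: this is the
    // "Redirect is not allowed for a preflight request" case.
    return { ok: false, reason: 'redirect', location: headers['location'] || null };
  }
  if (status < 200 || status > 299) {
    return { ok: false, reason: 'non-2xx status', location: null };
  }
  const allowed = headers['access-control-allow-origin'];
  if (allowed !== '*' && allowed !== origin) {
    return { ok: false, reason: 'origin not allowed', location: null };
  }
  return { ok: true, reason: 'preflight passes', location: null };
}

// Send the preflight ourselves without following redirects, so a hosting-level
// redirect (such as non-www to www) shows up as a 3xx plus a Location header.
// Run under Node, not a browser: browsers forbid setting these headers.
async function probePreflight(url, origin, method = 'GET') {
  const res = await fetch(url, {
    method: 'OPTIONS',
    redirect: 'manual',
    headers: { Origin: origin, 'Access-Control-Request-Method': method },
  });
  return diagnosePreflight(res.status, Object.fromEntries(res.headers), origin);
}

// Constructed sample responses (not captured from a real service).
const ORIGIN = 'https://www.example.com';
const redirected = diagnosePreflight(
  301, { location: 'https://www.api.example.com/endpoint' }, ORIGIN);
const direct = diagnosePreflight(
  204, { 'access-control-allow-origin': ORIGIN }, ORIGIN);
console.log(redirected, direct);
```

Against a live service, `probePreflight('https://api.example.com/endpoint', 'https://www.example.com')` returns the same kind of result object, and a `redirect` reason with a `www` Location points at the domain configuration rather than the backend's CORS whitelist.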