CORS redirect issue for verified domain

Access to XMLHttpRequest at ‘https://api.example.com/endpoint’ from origin ‘https://www.example.com’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: Redirect is not allowed for a preflight request

My frontend and backend have both had domains verified. The cors issue only happens when I have my frontend pointing to the new verified backend subdomain. BUT It works if pointing to the ‘unverified’ backend render url.

Also since the frontend is the same, my whitelist shouldn’t need any updates or config changes on the backend here. So if it is working when pointing to the render URL but not the new verified subdomain backend url, might be something else wrong, any ideas ?

Hi there,

Thanks for reaching out.

From what you shared, the main issue appears to be:

Redirect is not allowed for a preflight request

Pointing to the preflight request being redirected. You may need to check any redirection code in app, maybe domain related if that’s where you’re able to reproduce the issue? Or maybe auth/logins are trying to redirect.

Hope that helps

Alan

1 Like

Thanks I was able to solve it. The redirect was happening on Renders side, although more of a feature than a bug. When I entered the domain for my backend, I mistakenly included the ‘www’ (Render might consider removing the pre-populated example in the textbox which uses www for services). Render then automatically creates a redirect from my non ‘www’ service calls to the ‘www’ service calls which was causing the CORS error.

Simply revalidating my backend domain without the WWW removed the redirect and fixed the issue.

Thanks for the tip ! @al_ps