Skip to content

Instantly share code, notes, and snippets.

@tomfa
Last active May 21, 2025 10:01
Show Gist options
  • Save tomfa/efa935cd6092573e46ca3574a1e1f41c to your computer and use it in GitHub Desktop.
Save tomfa/efa935cd6092573e46ca3574a1e1f41c to your computer and use it in GitHub Desktop.
Debugging CORS errors with curl
curl -I -XOPTIONS \
-H "Access-Control-Request-Method: POST" \
-H "Origin: https://frontend.app.com" \
https://api.app.com/messages | grep access-control-allow-origin
@tomfa
Copy link
Author

tomfa commented May 21, 2025

  • Replace frontend.app.com with frontend url
  • Replace api.app.com/messages with api endpoint

If last line of output is access-control-allow-origin, your api has CORS settings accepting your frontend

@tomfa
Copy link
Author

tomfa commented May 21, 2025

Pinggy localtunnel

If you use Pinggy for local tunneling, note that you'll need to add x:passpreflight arg to ssh:

ssh -p 443 -R0:localhost:3000 a.pinggy.io x:passpreflight

You would also want to add a header to your api requests x-pinggy-no-screen in your frontend app, and add it to the curl above

curl -I -XOPTIONS \
  -H "Access-Control-Request-Method: POST" \
  -H "Origin: https://frontend.app.com/" \
  -H 'x-pinggy-no-screen: 1' \
  https://api.app.com/messages | grep access-control-allow-origin

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment