Last active
May 21, 2025 10:01
-
-
Save tomfa/efa935cd6092573e46ca3574a1e1f41c to your computer and use it in GitHub Desktop.
Debugging CORS errors with curl
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| curl -I -XOPTIONS \ | |
| -H "Access-Control-Request-Method: POST" \ | |
| -H "Origin: https://frontend.app.com" \ | |
| https://api.app.com/messages | grep access-control-allow-origin |
Pinggy localtunnel
If you use Pinggy for local tunneling, note that you'll need to add x:passpreflight arg to ssh:
ssh -p 443 -R0:localhost:3000 a.pinggy.io x:passpreflight
You would also want to add a header to your api requests x-pinggy-no-screen in your frontend app, and add it to the curl above
curl -I -XOPTIONS \
-H "Access-Control-Request-Method: POST" \
-H "Origin: https://frontend.app.com/" \
-H 'x-pinggy-no-screen: 1' \
https://api.app.com/messages | grep access-control-allow-origin
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
frontend.app.comwith frontend urlapi.app.com/messageswith api endpointIf last line of output is
access-control-allow-origin, your api has CORS settings accepting your frontend