CORS issue when requesting external API - Customer Extension

Marcin_Rycko · February 27, 2025, 6:54pm

Hello,
I am creating a customer extension for my client that checks if a given client is entitled to a discount.

To do this I send a request to an external API that should return information about discounts. In postman everything works fine but when I transfer it to my extension I get an error

...from origin 'https://extensions.shopifycdn.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

What am I doing wrong? I set network_access = true.
I can’t change the server API code because I don’t have access to it. Is there a way to solve this problem?

Robin-Shopify · February 27, 2025, 7:02pm

Hey, you will need to adjust the server code to allow cross origin requests.

Depending on the nature of the data, it’s also highly advisable that you use the session token API to verify that the incoming request is originating from your extension.

More info

CORS:

Session Tokens:

If you can’t edit the server code yourself, you’d look into adding a proxy endpoint in front of the server and validate the session token and return the appropriate CORS headers from there.

Topic		Replies	Views
App proxy has been blocked by CORS at App extension Extensions checkout-ui-ext , customer-account-ext	5	101	March 27, 2025
Fixed: CORS errors from admin UI extension making requests to app backend Extensions admin-ui-extensions	1	44	March 4, 2025
Cors Error while using api proxy in checkout ui extensions node template Extensions checkout-ui-ext	5	78	February 18, 2025
CORS Error: Response to preflight request doesn't pass access control check Extensions theme-app-extension	4	231	February 3, 2025
CORS Issue in Checkout UI Extension with App Proxy \| Remix JS Extensions checkout-ui-ext	4	423	February 5, 2025

CORS issue when requesting external API - Customer Extension

Related topics