[CORS] Storefront API on Online Store

Raw · July 17, 2025, 2:33am

I’m using the Storefront API version 2025-04 on an Online Store. I’m currently facing a CORS issue on the merchant’s website. Specifically, domains ending in .myshopify.com are being blocked by CORS, and only domains that match the merchant’s own domain are being accepted.

**

“Access to fetch at ‘https://florade-de.myshopify.com/api/2025-04/graphql.json’ from origin ‘https://florade.de’ has been blocked by CORS policy: Request header field cache-control is not allowed by Access-Control-Allow-Headers in preflight response.”

**

I’ve checked the Shopify Storefront API documentation but haven’t seen any updates or notices about this change.

Has anyone here encountered this issue recently? If so, how did you resolve it?
Thank you in advance!

Luke · July 17, 2025, 8:10am

This is most likely to be expected. Can’t you just make your requests to the following below?

https://florade.de/api/2025-04/graphql.json

Topic		Replies	Views
Storefront GraphQL calls blocked in Themes > Customize due to CORS Online Store and Theme Development theme-editor	2	184	December 13, 2024
How to Restrict Access-Control-Allow-Origin to My Domain in Shopify? Shopify App Store app-store , dev-stores	4	363	February 28, 2025
CORS Error: Response to preflight request doesn't pass access control check Extensions theme-app-extension	4	874	February 3, 2025
Hydrogen React Component Requests to Storefront API Blocked by Content Security Policy Hydrogen and Storefront APIs hydrogen , storefront-api	2	118	December 20, 2024
API working in live Shopify app but failing in development on Order Status Page (UI Extension) – CORS issue? Extensions checkout-ui-ext	1	14	February 1, 2026

[CORS] Storefront API on Online Store

Related topics