Customer accounts extension CORS error

VK_dev · January 2, 2026, 4:47am

I’m building a customer-account extension. I have to make an API call from here to my embedded app, but while making the api call, I’m getting a CORS error says

Error:
“Access to XMLHttpRequest at ‘https://afflr-beta-vk.ngrok.io/api/customer-account/dashboard’ from origin ‘null’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.“

from the extension i’ve enabled the network_access and api_access and using the nest.js for app server there also enabled to allow all origins with,

app.enableCors();
app.use(helmet());

and also tried to mention explicit access but still getting the issue, what am i missing?

Paige-Shopify · January 2, 2026, 5:02am

Hi @VK_dev, does your server support CORS from any origin?

More information here from our Checkout UI docoumentation:

Topic		Replies	Views
CORS issue when requesting external API - Customer Extension Extensions customer-account-ext	1	843	February 27, 2025
CORS error on customer account ui extension using custom URL Extensions customer-account-ext	0	191	May 22, 2025
Api call from Customer Account UI extension to app backend Extensions customer-account-ext	5	99	December 18, 2025
App proxy has been blocked by CORS at App extension Extensions checkout-ui-ext , customer-account-ext	10	768	July 29, 2025
CORS Error: Response to preflight request doesn't pass access control check Extensions theme-app-extension	4	797	February 3, 2025

Customer accounts extension CORS error

Related topics