Fix CORS Error on Railway
Updated April 2026
Railway deploys your application as-is. CORS headers are set by your server code, not by Railway's platform. The approach is identical to any other cloud deployment.
Set environment variables in Railway
Railway Dashboard → your service → Variables tab:
CORS_ORIGIN = https://yourapp.com
Framework configs using the Railway env variable
Express
const cors = require("cors"); // app is your existing Express app
app.use(cors({
  origin: process.env.CORS_ORIGIN || "http://localhost:3000",
  credentials: false
}));
FastAPI
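import os
from fastapi import FastAPI
from fastapi.middleware.cors import CORSMiddleware
app = FastAPI()
# Allow only the origin configured in Railway; fall back to local dev
origins = [os.getenv("CORS_ORIGIN", "http://localhost:3000")]
app.add_middleware(CORSMiddleware, allow_origins=origins, allow_methods=["*"], allow_headers=["*"])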
Django
# settings.py
import os
CORS_ALLOWED_ORIGINS = [os.getenv("CORS_ORIGIN", "http://localhost:3000")]
Railway + Nixpacks (no Dockerfile)
Railway auto-detects your framework via Nixpacks. CORS configuration is still in your application code — the build system does not affect it.
Railway + frontend on Vercel
# Typical setup
# Railway: your-backend.railway.app (backend API)
# Vercel: your-frontend.vercel.app (React frontend)
# Set in Railway Variables:
CORS_ORIGIN = https://your-frontend.vercel.app
# After custom domain:
CORS_ORIGIN = https://yourapp.com
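The setup above moves the allowed origin from the Vercel domain to the custom domain. As an added example (not from the original article or from Railway), the code below goes one step further and accepts both in a single comma-separated CORS_ORIGIN value, rejecting at startup any entry a browser's Origin header can never match. The function names and the comma-separated format are assumptions.

```javascript
// Added example. parseOrigin, parseAllowedOrigins, corsHeadersFor and the
// comma-separated CORS_ORIGIN format are assumptions, not Railway features.

// Validate one configured origin. Browsers send Origin as scheme://host[:port]
// with no path, trailing slash or default port, so any other spelling in the
// variable can never match and is rejected at startup instead.
function parseOrigin(value) {
  const raw = value.trim();
  if (raw === "*") throw new Error("wildcard is not an allowlist entry");
  let url;
  try {
    url = new URL(raw);
  } catch {
    throw new Error(`not an absolute URL: ${raw}`);
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") {
    throw new Error(`unsupported scheme in: ${raw}`);
  }
  if (url.origin !== raw) {
    throw new Error(`write ${url.origin} instead of ${raw}`);
  }
  return url.origin;
}

// Build the allowlist from the variable, falling back to the local dev origin.
function parseAllowedOrigins(envValue) {
  const entries = (envValue || "http://localhost:3000")
    .split(",")
    .filter((entry) => entry.trim() !== "");
  if (entries.length === 0) throw new Error("CORS_ORIGIN has no entries");
  return new Set(entries.map(parseOrigin));
}

// Headers for one request: echo the origin only on an exact match, and always
// send Vary: Origin so a cache does not reuse the response across origins.
function corsHeadersFor(requestOrigin, allowed) {
  const headers = { Vary: "Origin" };
  if (requestOrigin && allowed.has(requestOrigin)) {
    headers["Access-Control-Allow-Origin"] = requestOrigin;
  }
  return headers;
}

// Constructed sample value covering both frontends during the domain switch.
const sampleAllowed = parseAllowedOrigins(
  "https://your-frontend.vercel.app, https://yourapp.com"
);
console.log(corsHeadersFor("https://yourapp.com", sampleAllowed));
```

In Express, the resulting list can be passed as an array to the `origin` option of `cors()`, for example `origin: [...parseAllowedOrigins(process.env.CORS_ORIGIN)]`.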
Common Railway issue — PORT environment variable
// Railway injects PORT automatically; your app must use it
const PORT = process.env.PORT || 3000;
app.listen(PORT, "0.0.0.0");
If your app ignores PORT, Railway cannot route traffic to it. The connection will fail before CORS is even a factor — check Railway logs first.