CORS Preflight Failed — Fix
Exact Browser Console Error
Access to fetch at 'https://api.example.com/data' from origin 'https://app.example.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Before your POST/PUT/DELETE request runs, the browser sends an OPTIONS (preflight) request. Your server answered it with an error (404 or 405) or with a 200 that carries no CORS headers. Add an OPTIONS handler that returns 204 with CORS headers.
The fix by framework
Express
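const cors = require('cors');
const corsOptions = { origin: 'https://app.example.com' };
app.options('*', cors(corsOptions)); // Handle preflight for all routes, with the same origin policy
app.use(cors(corsOptions));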
Nginx
if ($request_method = OPTIONS) {
    add_header Access-Control-Allow-Origin "https://app.example.com";
    add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
    add_header Access-Control-Allow-Headers "Authorization, Content-Type";
    add_header Content-Length 0;
    return 204;
}
FastAPI
from fastapi.middleware.cors import CORSMiddleware
# CORSMiddleware handles OPTIONS automatically
app.add_middleware(CORSMiddleware, allow_origins=["https://app.example.com"], allow_methods=["*"])
Django
# django-cors-headers handles OPTIONS automatically after install
CORS_ALLOWED_ORIGINS = ['https://app.example.com']
CORSFixer sends a real OPTIONS preflight to your endpoint and shows exactly what your server returns — so you can see what is missing.
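The checks a browser applies to a preflight response can also be replayed offline against a captured response, which shows which header is missing. This is an added example, not code from this page or from CORSFixer; the function name checkPreflight and the sample request and responses are constructed, with the passing response reusing the header values from the Nginx fix above.

```javascript
// Added example: replays the browser's preflight checks on a captured response.
// checkPreflight and all sample data below are constructed for illustration.
const SAFELISTED_METHODS = ['GET', 'HEAD', 'POST'];
const list = (v) => (v || '').split(',').map((s) => s.trim()).filter(Boolean);

// req: { origin, method, headers: [names from Access-Control-Request-Headers], credentials }
// res: { status, headers: { 'lower-case-name': 'value' } }
function checkPreflight(req, res) {
  const problems = [];
  const wildcardOk = !req.credentials; // "*" is taken literally on credentialed requests
  if (res.status < 200 || res.status > 299) problems.push(`status ${res.status} is not 2xx`);

  const allowOrigin = res.headers['access-control-allow-origin'];
  if (!allowOrigin) {
    problems.push('Access-Control-Allow-Origin is missing');
  } else if (allowOrigin !== req.origin && !(allowOrigin === '*' && wildcardOk)) {
    problems.push(`Access-Control-Allow-Origin "${allowOrigin}" does not match ${req.origin}`);
  }
  if (req.credentials && res.headers['access-control-allow-credentials'] !== 'true') {
    problems.push('Access-Control-Allow-Credentials: true is missing');
  }

  const methods = list(res.headers['access-control-allow-methods']);
  const methodOk = SAFELISTED_METHODS.includes(req.method) || methods.includes(req.method)
    || (wildcardOk && methods.includes('*'));
  if (!methodOk) problems.push(`Access-Control-Allow-Methods does not include ${req.method}`);

  const allowed = list(res.headers['access-control-allow-headers']).map((h) => h.toLowerCase());
  for (const name of req.headers.map((h) => h.toLowerCase())) {
    // In the Fetch standard, "*" never covers Authorization; it must be listed by name.
    const viaWildcard = wildcardOk && allowed.includes('*') && name !== 'authorization';
    if (!allowed.includes(name) && !viaWildcard) {
      problems.push(`Access-Control-Allow-Headers does not include ${name}`);
    }
  }
  return problems;
}

// Constructed preflight for a PUT with a bearer token and a JSON body.
const request = { origin: 'https://app.example.com', method: 'PUT',
  headers: ['Authorization', 'Content-Type'], credentials: false };
const broken = { status: 200, headers: {} }; // "200 without CORS headers"
const fixed = { status: 204, headers: {
  'access-control-allow-origin': 'https://app.example.com',
  'access-control-allow-methods': 'GET, POST, PUT, DELETE, OPTIONS',
  'access-control-allow-headers': 'Authorization, Content-Type' } };
console.log(checkPreflight(request, broken));
console.log(checkPreflight(request, fixed));
```

An empty array means the preflight passes. Setting `credentials: true` on the request shows why a wildcard `*` response stops working once cookies or HTTP authentication are sent.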