CORS policy for External APIs

New Member
2 0 0

Hello everyone,

I recently create a landing page where I manually have added a form from which users can subscribe to a newsletter.

The newsletter access uses the SendGrid APIs, and these are the parameters I have set up for the POST request:


var xhr = new XMLHttpRequest();
xhr.withCredentials = true;"PUT", "");
xhr.setRequestHeader("authorization", "Bearer <API_KEY>");
xhr.setRequestHeader("content-type", "application/json");
xhr.setRequestHeader("Access-Control-Allow-Credentials", true);
xhr.setRequestHeader("Access-Control-Allow-Origin", true);



however, when I try to send the below code I have the following error:

Access to XMLHttpRequest at '' from origin '' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

Also, the following line on the console is this:


which has also a pointer to this line on the file

Screenshot 2020-06-11 at 20.35.40.png


Note: On the SendGrid side, I also tested the API with Full Access

Any help would be deeply appreciated, thanks!