Access to fetch.. has been blocked by CORS policy: Response to preflight request doesn't pass access

jbalais · June 10, 2025, 12:01pm

I’m trying to generate an access token for my public app. However, I’m getting this error,

Access to fetch at 'https://test.myshopify.com/admin/oauth/access_token' from origin 'https://mydomain.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I already tried adding the “Access-Control-Allow-Origin” on the request header, but I’m still getting that same error.

export function* postShopify(postData, access_token_url, content_type) {
    return yield fetch(`${access_token_url}`, {
        headers: {
            'Access-Control-Allow-Origin': '*',
            'Content-Type': `${content_type}`,
        },
        method: 'POST',
        postData,
    });
}

Is there a workaround solution you could recommend to fix that error without using the App Proxy?

Here are the references I used on how I can generate the access token

Topic		Replies	Views
CORS POLICY ERROR for 'X-Shopify-Access-Token' Authentication troubleshooting	3	22	July 7, 2023
CORS error while fetching API on shopify checkout UI extension Shopify Plus third-party-apps	0	13	June 14, 2023
Problem using the admin api to fetch the data in front-end Shopify Discussion apps	0	5	September 17, 2021
CORS Error Response to preflight request doesn't pass access control check Shopify Apps shopify-apps	1	12	April 16, 2025
Cors Domain Policy Shopify Apps shopify-apps	0	6	November 22, 2024

Access to fetch.. has been blocked by CORS policy: Response to preflight request doesn't pass access

Related topics