Access to XMLHttpRequest from origin has been blocked by CORS policy in post-purchase extension

Retired Boards Appdev Custom Storefronts

Topic summary

A developer is encountering a CORS (Cross-Origin Resource Sharing) policy error when attempting to make XMLHttpRequest calls from a post-purchase extension.

The Issue:

  • Requests to fetch product recommendations from products.json endpoint are being blocked
  • Error indicates missing ‘Access-Control-Allow-Origin’ header on the requested resource
  • The request originates from a Shopify checkout extension domain and targets the store’s myshopify.com domain

Technical Context:
CORS errors occur when browser security policies prevent cross-origin HTTP requests. The server hosting the requested resource must explicitly allow requests from the extension’s origin by including appropriate CORS headers.

Status:
The discussion appears to be newly opened with no responses or solutions provided yet. The developer has shared the specific error message but hasn’t indicated attempted troubleshooting steps or workarounds.

Summarized with AI on November 23. AI used: claude-sonnet-4-5-20250929.
1

Access to XMLHttpRequest at ‘’ from origin ‘’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

Access to XMLHttpRequest at ‘https://checkout-extension-ghc.myshopify.com/recommendations/products.json?product_id=8106071064863&limit=4&intent=related’ from origin ‘https://cdn.shopify.com’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.