No wait! It works, I forgot to dump the result to the console. Thanks 
Topic summary
Initial Problem:
A developer attempted to query Shopify products using both the JavaScript Buy SDK and direct GraphQL queries from within theme Liquid files. Both approaches failed—the SDK didn’t work, and the GraphQL fetch request was blocked by a CORS policy error due to missing ‘Access-Control-Allow-Origin’ headers.
Solution:
Another user provided working code that resolved the issue by:
- Using a relative URL path (
/api/2021-07/graphql.json) instead of the full domain URL - Simplifying the fetch request structure
- Properly formatting the GraphQL query and headers with the Storefront Access Token
The original poster confirmed this solution worked after initially forgetting to log the results to console.
New Issue:
A third user encountered an “UNAUTHORIZED” error when attempting the same approach in a Theme Extension app’s Liquid file, despite using their app’s API access token from the Shopify Partner account. This suggests potential differences in authentication requirements or permissions between standard themes and theme extensions.