CORS Issue In Checkout Extension

Shopify Apps

Topic summary

A developer is encountering a CORS (Cross-Origin Resource Sharing) error when attempting to fetch GraphQL data from their Remix.JS Shopify app backend to a checkout extension.

Technical Setup:

  • Using Remix.JS with remix-utils/cors package
  • Backend endpoint (api.get-user.tsx) queries metaobjects via Shopify’s GraphQL Admin API
  • Checkout extension makes a GET request to fetch this data via a cloudflare tunnel URL
  • Already implementing CORS handling for OPTIONS preflight requests and applying CORS headers to responses

Attempted Solutions:

  • One user suggested adding explicit CORS headers (Access-Control-Allow-Origin: *, Access-Control-Allow-Methods, Access-Control-Allow-Headers) based on a GitHub issue reference
  • The original poster confirmed this approach did not resolve the issue

Current Status:
The problem remains unresolved. The developer is still seeking a working solution to enable cross-origin requests between their checkout extension and backend API.

Summarized with AI on November 1. AI used: claude-sonnet-4-5-20250929.
1

Hi Developers,

I hope this message finds you well.

I have been trying to fix CORS issue in Checkout extension

I have been developing, simple Shopify app via Remix.JS, I have set up admin and everything but i am really struggling here to send backend GraphQL data to Checkout extension as i am getting CORS issue.

I would really appreciate your help.

Below is my api.get-user.tsx:

import { json } from '@remix-run/node';
import { cors } from 'remix-utils/cors';
import { authenticate } from "../shopify.server";

export const loader = async ({ request }) => {
    // Handle preflight OPTIONS request
    if (request.method === "OPTIONS") {
      return cors(request, json(null, { status: 204 }));
    }
  
    // Your data fetching logic here
    const { admin } = await authenticate.public.checkout(request);
  
    // Fetch bypass products metaobject
    const checkEntryResponse = await admin.graphql(
      `#graphql
        query {
          metaobjects(type: "bypass_products", first: 1) {
            edges {
              node {
                fields {
                  key
                  value
                }
              }
            }
          }
        }
      `
    );
    const checkEntryData = await checkEntryResponse.json();
  
    // Create a JSON response
    const response = json(checkEntryData);

    // Apply CORS headers to the response
    return cors(response);
  };

And below is my checkout extension code in Checkout.tsx:

useEffect(() => {
    async function fetchData() {
      try {
        const response = await fetch("https://supporting-advise-lending-witch.trycloudflare.com/api/get-user", {
          method: "GET",
          headers: {
            "Content-Type": "application/json",
          },
        });

        if (!response.ok) {
          throw new Error(`HTTP error! Status: ${response.status}`);
        }

        const data = await response.json();
        console.log("Backend response:", data);
        setUserData(data);
      } catch (error) {
        console.error("Error fetching data:", error);
      }
    }

    fetchData();
  }, []);

Attached below is the issue i am getting:

Kit__0-1739059889026.jpeg
Kit__0-1739059889026.jpeg997×262 61 KB

Many thanks

2

Hello @Kit_3
Hope you are doing great!
I’ve also faced the same issue in Rails, but, rails provide a gem, so I’ve resolved the issue.
but you can pass in the header below the code. May this one resolve the error. Please check out this link.

'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Methods': 'GET, POST, PUT, DELETE, PATCH, OPTIONS',
'Access-Control-Allow-Headers': '*',
3

Thank you for your information but it is still not working.