This is a scenario that took some time to understand. I could see errors in the browser but everything on the server seemed to be configured correctly.
The problem was, that when a request was made by the browser, the server handling the request made a request to another API and that request returned an error. When the browser received the error message it reported the issue as a CORS issue.
CORS only applies to requests made by the browser, if the request is made by a server then it cannot be CORS. If the requests made by cURL, Postman or non-browser client are working then it’s not CORS.
- Is the domain the browser is communicating from allowed by the server’s CORS settings?
- Are the API servers able to communicate with each other?
- Are there any API limits that could be causing the error?
- Are there network configurations that should be checked? e.g. Cloudflare, proxies, DNS, etc.