Erudiax
Node.js11 min read

Fixing CORS Errors in Node.js and Express

Learn how to fix CORS errors in Node.js and Express. Understand CORS, configure it properly, and handle cross-origin requests. Essential for building APIs that work with frontend applications.

Sarah Johnson
December 19, 2025
0.0k0

CORS errors are one of the most common issues when building web applications. If you're getting "Access-Control-Allow-Origin" errors, this tutorial will help you fix them.

What is CORS?

CORS (Cross-Origin Resource Sharing) is a security feature that browsers use to control which websites can make requests to your API. When your frontend (React app) tries to call your backend (Node.js API) from a different origin, the browser blocks it unless you configure CORS properly.

Why CORS Errors Happen

CORS errors occur when: - Your frontend runs on http://localhost:3000 - Your backend runs on http://localhost:5000 - Browser blocks the request because origins don't match

Fixing CORS in Express

The easiest way to fix CORS is using the cors middleware. Install it and configure it properly.

Basic CORS Setup

For development, you can allow all origins. For production, specify exact origins for security.

Advanced CORS Configuration

Learn how to configure specific headers, methods, and credentials. This is important for production applications.

Common CORS Issues

I'll show you how to handle preflight requests, credentials, and custom headers. These are the most common CORS problems developers face.

#Node.js#CORS#Express#API#Backend

Common Questions & Answers

Q1

How do I fix CORS errors in Express?

A

Install cors package: npm install cors. Then use app.use(cors()) for all origins, or configure it with specific options. For production, specify allowed origins, methods, and headers. Use credentials: true if sending cookies.

javascript
RunExplain
const express = require('express');
const cors = require('cors');
const app = express();

// Allow all origins (development only)
app.use(cors());

// Or configure specific origins
app.use(cors({
  origin: 'http://localhost:3000',
  methods: ['GET', 'POST', 'PUT', 'DELETE'],
  allowedHeaders: ['Content-Type', 'Authorization'],
  credentials: true
}));

// For multiple origins
app.use(cors({
  origin: ['http://localhost:3000', 'https://erudiax.com'],
  credentials: true
}));

app.get('/api/data', (req, res) => {
  res.json({ message: 'Hello from API' });
});

app.listen(5000);
Q2

What is a preflight request and how do I handle it?

A

Preflight is an OPTIONS request browser sends before actual request for certain methods/headers. Express cors middleware handles it automatically. For manual handling, add OPTIONS route that returns 200 with CORS headers.

javascript
RunExplain
// Manual preflight handling
app.options('/api/data', (req, res) => {
  res.header('Access-Control-Allow-Origin', 'http://localhost:3000');
  res.header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE');
  res.header('Access-Control-Allow-Headers', 'Content-Type, Authorization');
  res.header('Access-Control-Allow-Credentials', 'true');
  res.sendStatus(200);
});

// Or use cors middleware (recommended)
app.use(cors({
  origin: 'http://localhost:3000',
  methods: ['GET', 'POST', 'PUT', 'DELETE'],
  credentials: true
}));
Q3

How do I allow credentials (cookies) with CORS?

A

Set credentials: true in cors config and ensure Access-Control-Allow-Credentials header is set. Frontend must also set credentials: true in fetch. Both origin must be specific (not *) when using credentials.

javascript
RunExplain
// Backend
app.use(cors({
  origin: 'http://localhost:3000',
  credentials: true  // Allow cookies
}));

// Frontend (React)
fetch('http://localhost:5000/api/data', {
  method: 'GET',
  credentials: 'include'  // Send cookies
})
.then(res => res.json())
.then(data => console.log(data));

More on Node.js

Understanding Node.js Event Loop: A Complete Guide

8 min12.5k

Building RESTful APIs with Node.js and Express

12 min18.2k

Async/Await vs Promises in Node.js

10 min15.8k