External fetch API (Forbidden)

frodrigues · November 29, 2024, 1:46am

I’m trying to fetch from an external api but I get (forbidden).

Locally it works ok.
I added the vercel.json file with headers, in the admin I enabled OPTIONS Allowlist and entered the path /api.

What could be missing?

Using astro framework

  const res = await fetch('EXTERNAL_API',
    {
      headers: {

        "Content-Type": "application/json",
        "Access-Control-Allow-Credentials": "true" ,
        "Access-Control-Allow-Origin": "*",
        "Access-Control-Allow-Methods": "GET,OPTIONS,PATCH,DELETE,POST,PUT" ,
        "Access-Control-Allow-Headers": "X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version" 
      },
    });

    const result= await res.json();

added vercel.json
OPTIONS Allowlist -> /api

pawlean · November 29, 2024, 12:54pm

Hi, @frodrigues! Welcome to the Vercel Community

CORS errors are always the most frustrating. Sorry to hear this! Let’s try and get to a solution In case anyone else stumbles upon this post, we also have a helpful guide on this topic:

For your specific case, could you try and:

Remove CORS headers from your fetch request. They should be set on the server side, not in the client-side fetch.
Update your vercel.json to include CORS headers for all routes:

{
  "headers": [
    {
      "source": "/(.*)",
      "headers": [
        { "key": "Access-Control-Allow-Origin", "value": "*" },
        { "key": "Access-Control-Allow-Methods", "value": "GET,OPTIONS,PATCH,DELETE,POST,PUT" },
        { "key": "Access-Control-Allow-Headers", "value": "X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version" }
      ]
    }
  ]
}

Redeploy your app after making these changes.
If the issue persists, check if the external API allows requests from your Vercel deployment’s domain.

If you’re still encountering problems, please provide more details about the external API and the exact error message you’re receiving

Let us know how you get on!

system · December 29, 2024, 12:54pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
CORS Issue on Node.js Express App with Vercel Help express , react	4	66	September 30, 2024
No 'Access-Control-Allow-Origin' header is present on the requested Help	3	50	March 2, 2025
CORS Issues with Vercel Blob Help storage	10	69	February 11, 2025
CORS issue Help express	9	176	September 14, 2024
Project runs locally, but doesn’t work on Vercel Help domains , express , react	5	69	January 5, 2025

External fetch API (Forbidden)

Related topics