CORS for SST: Common Mistakes and Fixes
If you build with SST long enough, you’ll eventually hit the classic wall: “Blocked by CORS policy” And the annoying part is that SST usually makes the happy path feel simple. Then one custom header, one cookie-based auth flow, or one frontend deployed to a different domain later, and you’re deep in browser errors that barely explain what’s actually wrong. Here are the CORS mistakes I see most often in SST projects, plus the fixes that actually work. ...