CORS for Heroku Deployments: A Real-World Fix
I’ve seen a lot of teams blame Heroku when their frontend suddenly starts throwing CORS errors after deployment. Usually, Heroku is not the problem. Heroku just makes bad CORS assumptions painfully visible. This case study comes from a very common setup: React frontend on one Heroku app or a custom domain Node/Express API on another Heroku app Everything works locally Production blows up with No 'Access-Control-Allow-Origin' header is present The painful part is that the app often looks fine in Postman, curl, or server-to-server tests. Then the browser blocks it anyway. ...