Preflight

CORS with Cloudflare Zero Trust tends to fail in ways that look random until you understand who is actually answering the browser. That’s the first mistake: treating CORS like an app-only problem when Cloudflare is sitting in front of your app, enforcing Access policies, redirecting unauthenticated users, and sometimes answering OPTIONS before your origin ever sees it. If you’ve ever said “but my API sends Access-Control-Allow-Origin just fine” while the browser still throws a CORS error, this is probably why. ...

CORS performance usually gets treated like background noise until your frontend starts making hundreds of API calls and every second request triggers an OPTIONS preflight. Then it becomes very obvious: bad CORS config can waste latency, server CPU, and CDN cache efficiency. I’ve seen teams obsess over query performance while every browser quietly burns extra round trips on preflights they could have avoided. This guide is the practical version: what gets cached, what does not, and what headers to set when you want cross-origin requests to be fast without turning your policy into mush. ...

If you call the Wix API from browser JavaScript, CORS is the gatekeeper. When it’s configured the way your frontend needs, everything feels normal. When it isn’t, you get the classic useless browser error: blocked by CORS policy. This guide is the version I wish I had the first time I tried wiring a frontend directly to a third-party API. What CORS means for Wix API CORS stands for Cross-Origin Resource Sharing. Browsers enforce it when your page on one origin tries to call an API on another origin. ...

Every time your React app sends a JSON POST request, the browser does something you might not expect: it sends TWO requests instead of one. The first is an OPTIONS “preflight” request. The second is your actual request. This confuses a lot of people. Why is the browser sending extra requests? Why is my API getting OPTIONS requests I never wrote endpoints for? Why does Postman work but the browser doesn’t? ...