CORS Error in Bolt.new App
Quick Answer
Calling an external API directly from the browser gets blocked by CORS policy. The browser prevents cross-origin requests for security. Start with "Create a server-side proxy" before making broader code changes.
You're in the right place if...
- 'Access-Control-Allow-Origin' error in console
- API calls work in Postman but fail in browser
- Network requests blocked
Why this happens
Calling an external API directly from the browser gets blocked by CORS policy. For security, the browser blocks cross-origin requests from your page unless the API's domain explicitly allows them.
Fix
Create a server-side proxy
Tell Bolt to route API calls through a server-side endpoint:
I'm getting a CORS error when calling [API name]. Please create a server-side API route that proxies the request:
/api/[endpoint-name] → calls external API
The browser calls our API route instead, avoiding CORS restrictions.
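The proxy route described above, as an added example (not code from the original page or generated by Bolt). The route name `weather`, the upstream URL and the parameter allowlist are assumptions; the handler uses the Web-standard Request/Response interface available in Node 18+, and each route maps to one fixed upstream so the proxy cannot be pointed at arbitrary hosts.

```javascript
// Added example: fixed-route server-side proxy. All names here are hypothetical.
// Each /api/<name> route maps to one hard-coded upstream URL, so the browser
// never supplies the destination host.
const UPSTREAMS = {
  weather: "https://api.example.com/v1/weather", // placeholder upstream
};
// Only these query parameters are forwarded; everything else is dropped.
const ALLOWED_PARAMS = { weather: ["city", "units"] };

// Build the upstream URL for a request to /api/<name>; null if the route is unknown.
function resolveUpstream(requestUrl) {
  const url = new URL(requestUrl, "http://localhost");
  const match = /^\/api\/([a-z0-9-]+)$/.exec(url.pathname);
  if (!match || !Object.hasOwn(UPSTREAMS, match[1])) return null;
  const upstream = new URL(UPSTREAMS[match[1]]);
  for (const key of ALLOWED_PARAMS[match[1]]) {
    const value = url.searchParams.get(key);
    if (value !== null) upstream.searchParams.set(key, value);
  }
  return upstream;
}

// Request in, Response out. fetchImpl is injectable so the handler can be tested offline.
async function handleApiRequest(request, fetchImpl = fetch) {
  if (request.method !== "GET") {
    return new Response("Method not allowed", { status: 405 });
  }
  const upstream = resolveUpstream(request.url);
  if (!upstream) return new Response("Unknown API route", { status: 404 });
  try {
    // This call runs on the server, where the browser's CORS policy does not apply.
    const res = await fetchImpl(upstream, { headers: { accept: "application/json" } });
    // The browser receives this as a same-origin response, so no CORS headers are needed.
    return new Response(await res.text(), {
      status: res.status,
      headers: { "content-type": res.headers.get("content-type") ?? "application/json" },
    });
  } catch {
    return new Response("Upstream request failed", { status: 502 });
  }
}
```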
Prevent this next time
Never call external APIs directly from the browser. Always create a server-side API route that proxies the request.
Frequently Asked Questions
Cross-Origin Resource Sharing. Browsers block requests from your site to a different domain unless that domain explicitly allows it.
Postman isn't a browser. CORS is a browser-only security feature. Server-side requests bypass it entirely.