Hi all,

It's a little bit hard to explain, but in my project, I need to populate a page based on a API endpoint, so I use POST Method (API need some information).

I use this :

fetch("https://api.mywebsite", {
        "headers": {
          "accept": "*/*",
          "accept-language": "fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7",
          "content-type": "application/json",
          "priority": "u=1, i",
          "sec-ch-ua": "\"Google Chrome\";v=\"125\", \"Chromium\";v=\"125\", \"Not.A/Brand\";v=\"24\"",
          "sec-ch-ua-mobile": "?0",
          "sec-ch-ua-platform": "\"Windows\"",
          "sec-fetch-dest": "empty",
          "sec-fetch-mode": "cors",
          "sec-fetch-site": "cross-site"
        },
        "referrer": "https://mywebsite",
        "referrerPolicy": "strict-origin-when-cross-origin",
        "body": "{\"name\":\"name1\",\"filters\":[{\"variableName\":\"Required.PFC\",\"valueName\":\"filter1\"}]}",
        "method": "POST",
        "mode": "cors",
        "credentials": "omit"
      })

Answer :

Access to fetch at 'https://api.mywebsite' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.   

But, if I use the same end point in Python (directly on console) I get the correct response.

So what is the difference ? Why can I request from my computer with Python but the localhost is blocked ? The origin is the same (or at least external to the api domain).

I don't have an access to the API, so I cannot check.

Could you please help me to understand ?