I’m having trouble with my web app that uses separate front and back ends. The delete method is giving me a CORS error, saying ‘preflight redirect is not allowed’. This is happening even though I’ve set up CORS on my backend.
Here’s what’s weird: GET and POST requests work fine. All my requests include credentials.
I’ve tried:
- Using the full public URLs for both frontend and backend
- Setting up CORS with various options
My CORS setup looks like this:
app.use(cors({
origin: ['http://localhost:3000', 'https://myapp.example.com'],
methods: ['GET', 'POST', 'DELETE', 'PUT', 'OPTIONS'],
credentials: true,
allowedHeaders: ['Content-Type', 'Authorization', 'X-Requested-With']
}));
I’m pretty sure the problem is related to how the delete request is being intercepted, but I’m not sure how to fix it. I’ve tried everything I could find online, but nothing seems to work.
Any ideas on how to solve this? I’m really stuck and would appreciate any help!
hey, i’ve had a similar issue. check that your server responds to OPTIONS requests - sometimes firewalls block 'em. also, verify your delete request sends correct headers. try postman to test the endpoint if unsure.
In one project, I encountered a similar issue where the DELETE request triggered a preflight OPTIONS call that wasn’t handled correctly. To resolve this, I added an explicit route to process OPTIONS requests before other routes:
app.options('*', cors());
This adjustment ensures that preflight requests get the appropriate CORS headers. Additionally, ensure that no other middleware or security settings are interfering with the OPTIONS responses, and check that the DELETE request from the client includes the necessary headers and credentials.
hmm, interesting problem! have u tried adding a specific route for DELETE requests? sometimes that helps bypass CORS issues. also, double-check ur client-side code - maybe theres a tiny config error there? what library r u using for HTTP requests on the frontend?