JavaScript Answers

How to allow the Access-Control-Allow-Origin header using HTML5 fetch API with JavaScript?

Spread the love

To allow the Access-Control-Allow-Origin header in an HTTP request using the HTML5 Fetch API with JavaScript, you need to ensure that the server you are making the request to includes this header in its response.

The Access-Control-Allow-Origin header is used for Cross-Origin Resource Sharing (CORS) and it indicates whether the response can be shared with resources from the given origin.

Here’s a basic example of how you might make a fetch request with the Fetch API in JavaScript:

  .then(response => {
    if (!response.ok) {
      throw new Error('Network response was not ok');
    return response.json();
  .then(data => {
    console.log('Data received:', data);
  .catch(error => {
    console.error('There was a problem with the fetch operation:', error);

In this example, fetch is used to make a request to

If the server at includes the appropriate Access-Control-Allow-Origin header in its response, then the request will be allowed.

If you’re developing the server-side code yourself, you need to configure it to include the Access-Control-Allow-Origin header in the response. For example, in Node.js with Express.js, you might use middleware to enable CORS:

const express = require('express');
const app = express();

// Enable CORS for all routes
app.use((req, res, next) => {
  res.setHeader('Access-Control-Allow-Origin', '*');

// Your routes and other middleware here

app.listen(3000, () => {
  console.log('Server is running on port 3000');

In this Express.js example, the middleware adds the Access-Control-Allow-Origin: * header to every response, allowing requests from any origin.

This is a very permissive setting, and in production, you might want to restrict it to specific origins.

By John Au-Yeung

Web developer specializing in React, Vue, and front end development.

Leave a Reply

Your email address will not be published. Required fields are marked *