CORS issues when trying to create users via Softr's API endpoint, in the custom code block.

evlo_malik · October 30, 2024, 1:29pm

Hey! I’m trying to create new users on my Softr website (using cutom code block) using the Softr API. I’m attempting to make POST requests to ‘https://studio-api.softr.io/v1/api/users’ directly from my custom code block on my Softr website.

However, I’m running into CORS issues. Even though I’m making the request from my Softr domain to the Softr API, I get this error:

‘Access to fetch at ‘https://studio-api.softr.io/v1/api/users’ from origin ‘https://www.famcareai.com’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.’

Is there a way to somehow bypass those CORS errors? I don’t even understand why I’m getting them, considering the fact that I’m making an API request from my custom domain, to the same domain. (I assumed that I can only get CORS issues if I called this API from another website with another domain). I know I can use platforms like Make, but I wanted to do it directly from my custom code block. Thanks.

Jjenglert · October 30, 2024, 2:03pm

Hi there - i’d recommend contacting customer support for this so can get into your app and see what’s going on.

evlo_malik · October 30, 2024, 2:18pm

Hey, that’s exactly what I did, but they told me to ask here because they don’t know

Jjenglert · October 30, 2024, 2:20pm

I see. Here are some suggestions:

Creating an API token for it means that key has authority to make any changes to your app, it should never be exposed in app itself (e.g. one user could delete another user)

Create a workflow somewhere (Zapier, Make, etc.) using Softr API to create a user
Format request to for that endpoint via Call API feature or custom code (though make sure to only pass relevant info without auth)
That workflow then triggers a call to our backend to create the user via our API.

keymaker · October 30, 2024, 4:35pm

@evlo_malik This. For context, in the no-code world it is common to encounter CORS issues if you are making API requests client-side because a number of REST APIs only accept requests server-side (e.g., Twitter).

sahilkhosla · October 30, 2024, 6:33pm

You are getting the error because you are making a call from famcareai.com to softr.io domain. There is no straightforward or recommended way to bypass this – it is there for a reason.

Can you explain what are you trying to do so we can help with an alternative solution?