Facebook Pixel

How should CORS be handled in production for the Swiggy API?

Call the API through your own backend, which can add the correct CORS headers and proxy the request. Never disable CORS in production, because it exists for security and removing it exposes your users to risks.

Verify This Answer

Cross-check this information using these trusted sources:

More FAQs in Why the Swiggy API Blocks Localhost and How to Work Around It

Because the API checks the Origin header, and localhost is not in its allowed origins. The server does not return the CORS headers the browser needs, so the browser blocks the response, even though the request actually reached the server.

Because Postman is not a browser and does not enforce CORS. The browser blocks the response because the server did not grant your origin permission. The request reaches the server fine; the browser just refuses to hand you the response.

The cleanest fix is a development proxy. Your bundler or a small backend forwards the request from a server-side origin, avoiding the browser's CORS rules entirely for local development.

Still have questions?

Browse all our FAQs or reach out to our support team

Want to upskill yourself?

Our courses are taking a Coffee break, but your curiosity shouldn't. Stay engaged with namastedev linkedin, youtube, discord and other resources while you wait.

0
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.