Why should I not tell users to disable CORS?
Because CORS is a security feature that protects users from malicious cross-origin requests. Telling users to disable it exposes them to risks. The real fix is always server-side, through a backend proxy.
Verify This Answer
Cross-check this information using these trusted sources:
More FAQs in How to Handle CORS Errors When Calling the Swiggy API
It means the browser blocked the response because the server did not grant your origin permission. The request actually reached the server; the browser just refused to hand you the response because the required CORS headers were missing.
Use a proxy. Configure one in your bundler or run a small backend proxy. The proxy makes the request from a server-side origin, bypassing the browser's CORS rules entirely for local development.
Call the API through your own backend, which forwards the request and adds the correct headers. Never expose users to raw third-party CORS issues, and never ask users to disable CORS, because it is a security feature.
Still have questions?
Browse all our FAQs or reach out to our support team
