How to Handle CORS Errors When Calling the Swiggy API
CORS errors are the most common issue with the Swiggy API in React. Here is exactly how to handle them in development and production.
How to Handle CORS Errors When Calling the Swiggy API
CORS errors are the single most common issue when calling the Swiggy API from a React app. Here is exactly how to handle them.
What a CORS Error Means
The browser blocked the response because the server did not grant your origin permission. The request reached the server; the browser just refused to give you the response.
Why It Happens With the Swiggy API
The API does not include your localhost or your domain in its allowed origins, so it does not return the CORS headers the browser requires.
Fix in Development: Use a Proxy
Configure a proxy in your bundler or run a small backend proxy. The proxy makes the request from a server-side origin, bypassing the browser's CORS rules entirely.
Fix in Development: Browser Extension
For quick testing, a CORS-disabling browser extension works. It is not a real solution and must never reach production.
Fix in Production: Backend Proxy
In production, call the API through your own backend, which can forward the request and add correct headers. Never expose the user to raw third-party CORS issues.
Do Not Disable CORS in the Browser for Users
CORS protects users. Telling users to disable it is not a fix; it is a security risk. The real fix is always server-side.
The Takeaway
CORS errors mean the server did not allow your origin. Use a proxy in development and route through your own backend in production. Never ask users to disable CORS.
It means the browser blocked the response because the server did not grant your origin permission. The request actually reached the server; the browser just refused to hand you the response because the required CORS headers were missing.
Use a proxy. Configure one in your bundler or run a small backend proxy. The proxy makes the request from a server-side origin, bypassing the browser's CORS rules entirely for local development.
Call the API through your own backend, which forwards the request and adds the correct headers. Never expose users to raw third-party CORS issues, and never ask users to disable CORS, because it is a security feature.
Only for quick local testing. It disables CORS in your browser, which works in development but is not a real solution and must never be used in production or asked of users.
Because CORS is a security feature that protects users from malicious cross-origin requests. Telling users to disable it exposes them to risks. The real fix is always server-side, through a backend proxy.
Ready to master React completely?
Want to upskill yourself, crack your next interview, and get your dream job? Join our comprehensive course to dive deeper with high-quality video tutorials, solve interview questions, and a premium community.
Master React
Want to upskill yourself, crack your next interview, and get your dream job? Join our comprehensive course.

