I’m testing sending queries to Monday from a locally hosted app.
When making the request, I get this CORS error:
Access to fetch at 'http://api.monday.com/v2' from origin 'http://localhost:4567' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.
Is there a way to allow redirects for preflight requests in CORS?
Hey Bryan!
Hmm. Are you making calls to our API directly from a webpage in a browser? What are you doing with your app?
I did some research on preflight requests and they seem to be a common check that browsers perform. To avoid this error, any chance you can route requests from your page to some server-side code, and use the server to make the API calls?
I’d also love to see your code so we can identify if there are other workarounds here.
Cheers,
Dipro
Hey! Thanks, sorry for the late reply here.
I’m testing it from a browser using the NodeJS package graphql-request, but we’re going to just use the Zendesk plugin + Zapier. It’s enough for what we need.
Cheers,
Just wanted to reopen this since it seems like one of our most-viewed topics.
The root cause of this issue is that our API does not allow cross-origin requests. That is, the endpoint does not return Access-Control-Allow-Headers in the response.
If you have feedback on this issue, please add an upvote (and, if you want, a brief overview of your use case)!
And if anyone wants an overview of the CORS mechanism, check out this guide from Mozilla: Cross-Origin Resource Sharing
Hey community! I wanted to update that our main API endpoint (api.monday.com/v2) now supports cross origin requests!!!
Now you can make requests to our API directly from your website or client-side app 
Just ensure you include the Access-Control-Allow-Origin: * header in your request.
Enjoy!
Heads up: Our dedicated file endpoint (api.monday.com/v2/file) still does not support CORS.