API works in Postman but fails in browser due to missing CORS configuration.
API works in Postman but fails in browser with CORS error
Browser blocks request because server does not allow cross-origin access
You test your API in Postman — everything works fine.
Then you call it from your frontend — suddenly it fails.
Error:
Access to fetch at 'API_URL' from origin 'localhost' has been blocked by CORS policy
Why this happens:
Postman does not enforce browser security rules, but browsers do.
Root cause:
Your backend is not allowing cross-origin requests.
Fix in Node.js (Express):
const cors = require("cors");
app.use(cors());Or configure specific origin:
app.use(cors({
origin: "http://localhost:3000"
}));After adding this, your API will work correctly in the browser.
More Bug of the Days
API Returns Cached Data Even After Update
Your API returns old data even after updating records due to caching issues in browser, CDN, or server.
🐛Pagination Worked… Until Data Changed
Pagination broke in production because page numbers were used instead of stable identifiers.
🐛Search Worked Locally but Failed in Production
A search feature worked perfectly on local data but failed in production because matching was case-sensitive in one environment and inconsistent in real records.
Get a new Bug of the Day in your inbox
Subscribe to Stack Dev Life — free, no spam, unsubscribe anytime.
Subscribe free →