Can't make fetch requests to api/v1/sessions 🤡

Access to fetch at '' from origin 'http://localhost:8000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

I’ve added no-cors but that’s not what I want… The CURL request works fine btw.

Have you added http://localhost:8000 as a Trusted Origin for CORS? With that enabled, does the following request work?

fetch('', {credentials: "include"})
  .then((response) => {
    return response.json();
  .then((data) => {

Yes I have added that to Trusted Origins.

Yes that fetch does work. I think the sessions endpoint is messed up.

So the fetch code you provided works in browser. I tweaked your code a bit and this throws the error mentioned above:

fetch('', { // changed endpoint
    credentials: 'include',
    method: 'POST', // added this
    body: JSON.stringify({ // and this
    .then(response => response.json())
    .then(data => {

Adding ‘application/json’ Accept + Content-Type headers doesn’t help.

Hi @corysimmons

The /api/v1/sessions endpoint is not CORS enabled. The best solution would be to do this request through a back-end channel, providing an API call to authenticate te request.