How to enable CORS?

How can we enable CORS in Backendless Pro?

They are enabled by default, what kind of issue do you have?

It says Access to XMLHttpRequest at “rest api url” from origin “http://localhost” has been blocked by CORS policy. Request header field Pragma is not allowed by Access-Control-Allow-Headers in preflight response.

If you get this error at Backendless Console -> Data -> Rest console section then you have to go to http://<your-ip>:8500/ui/#/dc1/kv/config/server/publicHost/edit and change localhost to your IP then refresh browser.

Already it has my IP.

How I can reproduce the issue?

I am just calling the api in ReactJS application

please upload sample that reproduces the issue

Ok so for example, I have an api which i call in componentDidMount,
const apiConfig = { method: 'GET', headers: { "Content-Type": "application/json", "Cache-Control": "no-cache, no-store", "Expires": "0", "Pragma": "no-cache" }, }; fetch(, apiConfig) .then((response) => { console.log("RESPONSE",response); })

so if i pass "Cache-Control": "no-cache, no-store", "Expires": "0", "Pragma": "no-cache"
in Header i get

We will verify it in our environment. I see you still have not ran the update. When are you going to do it?

@mark-piller As we have a demo on 12th, and as all the setup is done, also api’s are written so, we have decided to show the demo on 12th and then update.

I am able to reproduce the issue with this headers. But if remove it everything works fine. Our server does not expect this headers. Why do you need it? Do you have some proxy server that cache requests?

When we remove these headers and try, we are still getting the CORS issue
But all the GET calls from the application will have the above mentioned headers. It is a generic GET function that will be utilized by all the calls, that is how the application is.
We may not be able to selectively remove headers for specific requests.

Is there any possible fix for this issue from your end ?

Also If i pass Authourization:“Token” in the header it says
Access to fetch at '{api url}' from origin 'http://localhost:3000' has been blocked by CORS policy: Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflight response.

As a workaround, you can deploy your HTML/JS client into the Files section of the Backendless app and load it from there. It will remove all CORS issues.

Saved my day, thanks a lot!!!

we have fixed the issue. you need to upgrade your installation. to do that you can use following script just save it in the same directory where located. and run ./, make sure that script has execution permission. the script will pull latest version and upgrade installation that is running

Thank you @sergey.kuk