The latest articles on DEV Community by Nilotpal Baishya (@bynilotpal). https://dev.to/bynilotpal https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3965951%2Faaea1422-1fc3-4134-bde7-a7b0d5c9bb33.jpg https://dev.to/bynilotpal en Nilotpal Baishya Wed, 03 Jun 2026 10:57:54 +0000 https://dev.to/bynilotpal/my-first-cors-error-in-fastapi-45jo https://dev.to/bynilotpal/my-first-cors-error-in-fastapi-45jo <p>I'm learning FastAPI. And I am not a person who can learn by watching tutorials.</p> <p>So I decided to learn while building. So I built something small just to start with FastAPI. A basic expense tracker.</p> <p>Nothing fancy. Just a FastAPI backend with a few endpoints and a simple HTML page with JavaScript. There are three buttons in it: Load Expenses, Add Expense, Calculate Total. I just wanted to see how frontend talks to backend.</p> <h3> Everything seemed fine </h3> <p>I started the server. No errors. Tested my API in Swagger UI. Worked perfectly. Then I opened my HTML file. Clicked "Load Expenses."</p> <p>But there was nothing. like no expenses, no error, just nothing.</p> <p>I stared at the screen thinking <em>What did I do wrong?</em></p> <h3> I blamed my backend first </h3> <p>I thought I messed up my Python code. I checked everything but there was nothing wrong. Then tested Swagger UI again. The endpoint was fine.</p> <h3> Then I blamed my frontend </h3> <p>So I went to check my fetch request. It looked fine to me. I checked the button. Worked fine. But after all this there was still nothing.</p> <h3> Then I opened the browser console </h3> <p>This was the moment. I clicked F12 and saw this red error:</p> <p>Access to fetch at '<a href="http://127.0.0.1:8000/expenses" rel="noopener noreferrer">http://127.0.0.1:8000/expenses</a>' from origin '<a href="http://127.0.0.1:3000" rel="noopener noreferrer">http://127.0.0.1:3000</a>' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.</p> <p>I had no idea what CORS meant.</p> <h3> What I learned </h3> <p>I learnt that my backend was working the whole time. I searched about CORS error and came to know about what is CORS and all. The browser was blocking it. SO my frontend was on port 3000 and my backend was on port 8000.They are different ports. The browser saw them as different "origins" and said "nope, not allowed unless the backend gives permission." <br> My backend wasn't giving permission. So I added the CORS middleware, it adds special HTTP headers to my backend responses.</p> <h3> The fix </h3> <p>I added this to my FastAPI code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">fastapi.middleware.cors</span> <span class="kn">import</span> <span class="n">CORSMiddleware</span> <span class="n">app</span><span class="p">.</span><span class="nf">add_middleware</span><span class="p">(</span> <span class="n">CORSMiddleware</span><span class="p">,</span> <span class="n">allow_origins</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">http://127.0.0.1:3000</span><span class="sh">"</span><span class="p">],</span> <span class="n">allow_methods</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">*</span><span class="sh">"</span><span class="p">],</span> <span class="n">allow_headers</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">*</span><span class="sh">"</span><span class="p">],</span> <span class="p">)</span> </code></pre> </div> <h3> What stuck with me </h3> <p>The fix was four lines. But what I actually learned was:</p> <ol> <li><p>I should always open the browser console FIRST. At least not after checking everything else.</p></li> <li><p>Test my API separately before blaming it.</p></li> <li><p>CORS errors are browser things, not code bugs.</p></li> </ol> api fastapi backend