CORS error on deployed React app, but not on local development or production built app

Hi everyone,

I am working on a React job search application, using the GitHub Jobs API, which has a same origin policy.

Here is a link to my github repo GitHub - camcgreen/jobstasy: Job search app. Built using Create React App, React Router, Firebase and GitHub Jobs API. Designed using Figma, with inspiration taken from Himalayas.

I am getting the CORS policy: No ‘Access-Control-Allow-Origin’ error when I deploy my app with Firebase but it is working fine when run locally.

I am prefixing my API calls with as a CORS anywhere type-approach for the sake of simplicity. My understanding was that this should work no matter what the origin of the request is (localhost or a live deployed site) but perhaps I have misunderstood.

I know this is commonly asked question but I can’t see what I’m doing wrong, so any help would be greatly appreciated!

Also apologies if I haven’t provided enough info, this is my first post here. :slightly_smiling_face:


Hi @camcgreen !

Welcome to the forum!

I am moving this topic to the javascript section since you are asking about react.

You will also get more responses if you share your code.
If you could share a link to your github repo that would be great.

Hi @jwilkins.oboe

Thank you for such a quick reply!

Here is the link to my GitHub repo:

The particular block of code I am having trouble with is this:

jobs = await axios(

Found in src/components/Jobs.js line 161.

The jobs array populates when I run locally:

but I get a CORS error when I run the live production app


I have edited your post to also include the github link.

I am not as far long as you so I wouldn’t be able to assist you .
But there are plenty of people on the forum with the expertise that would be happy to help.

Also, keep in mind that sundays are sometimes slow on the forum.
So if it takes a while for someone to respond then that is normal.

Good luck!

Great, thank you! :grinning:

Hello there,

Others might have a nicer solution, but the only way I have ever avoided this error is by using cors in a backend API. That is, you will need to create a backend, and fetch the data from there, to pass to your frontend.

This way, you have more control over the headers in the request.

Hope this helps

Hi @Sky020 ,

Thank you, that’s what I feared but probably needed to hear!

I’m very inexperienced with working with a backend, I thought I might be able to get around it with http-proxy-middleware .

I tried setting up a proxyServer.js with the following code:

const proxy = require("http-proxy-middleware");

module.exports = app => {
      target: "",
      changeOrigin: true

Sadly it didn’t work but in my head this should mean that any requests sent to would be forwarded to So in theory for example would be forwarded to and so would be same origin, but no luck unfortunately.

I will have a bit more of a look into setting up a back-end for this.