Bolt api

CORS Preflight Request Timeout - OPTIONS Request Failing

POST or other non-simple requests fail because the CORS preflight OPTIONS request times out. Browser doesn't even send the actual request.

Requests work in some browsers but not others, or fail intermittently.

Error Messages You Might See

OPTIONS request timeout Preflight request failed No 'Access-Control-Allow-Methods' header CORS preflight failed
OPTIONS request timeoutPreflight request failedNo 'Access-Control-Allow-Methods' headerCORS preflight failed

Common Causes

  1. Server doesn't handle OPTIONS method
  2. OPTIONS request takes too long to respond
  3. Firewall blocking OPTIONS method
  4. CORS headers missing in OPTIONS response
  5. Preflight cache too short, requesting too frequently

How to Fix It

Ensure server responds to OPTIONS: if(request.method === 'OPTIONS') return new Response(null, { status: 200, headers: corsHeaders })

Response must include CORS headers: 'Access-Control-Allow-Methods', 'Access-Control-Allow-Headers', 'Access-Control-Max-Age'

Set long max-age: 'Access-Control-Max-Age': '86400' (24 hours)

Use middleware to add CORS to all routes

Real developers can help you.

Vlad Temian Vlad Temian 15+ years shipping production infrastructure for startups. Former CTO at qed.builders (acquired by The Sandbox). Cursor ambassador and agentic tooling builder. I've scaled systems, automated deployments, and built observability tools for AI coding workflows. I specialize in taking vibe-coded apps from broken prototype to production-ready: fixing Supabase auth/RLS, Stripe integrations, deployment pipelines, and cleaning up AI-generated spaghetti. I build tools in this space (agentprobe, claudebin, micode) and understand both sides: how AI generates code and why it breaks. https://blog.vtemian.com/ Matthew Butler Matthew Butler Systems Development Engineer @ Amazon Web Services Sage Fulcher Sage Fulcher Hey I'm Sage! Im a Boston area software engineer who grew up in South Florida. Ive worked at a ton of cool places like a telehealth kidney care startup that took part in a billion dollar merger (Cricket health/Interwell health), a boutique design agency where I got to work on a ton of exciting startups including a photography education app, a collegiate Esports league and more (Philosophie), a data analytics as a service startup in Cambridge (MA) as well as at Phillips and MIT Lincoln Lab where I designed and developed novel network security visualizations and analytics. I've been writing code and furiously devoted to using computers to make people’s lives easier for about 17 years. My degree is in making computers make pretty lights and sounds. Outside of work I love hip hop, the Celtics, professional wrestling, magic the gathering, photography, drumming, and guitars (both making and playing them) Caio Rodrigues Caio Rodrigues I'm a full-stack developer focused on building practical and scalable web applications. My main experience is with **React, TypeScript, and modern frontend architectures**, where I prioritize clean code, component reusability, and maintainable project structures. I have strong experience working with **dynamic forms, state management (Redux / React Hook Form), and complex data-driven interfaces**. I enjoy solving real-world problems by turning ideas into reliable software that companies can actually use in their daily operations. Beyond coding, I care about **software quality and architecture**, following best practices for componentization, code organization, and performance optimization. I'm also comfortable working across the stack when needed, integrating APIs, handling business logic, and helping transform prototypes into production-ready systems. My goal is always to deliver solutions that are **simple, efficient, and genuinely useful for the people using them.** David Olverson David Olverson Solo dev shipping production apps with AI-assisted development. I specialize in rescuing broken Lovable/Bolt/Cursor builds and taking them to production. 10+ apps shipped including SaaS CRMs, gaming platforms, real estate tools, and Discord bots. Stack: Next.js 16, TypeScript, Tailwind CSS, FastAPI, PostgreSQL, Prisma. I use Claude Code with 50+ custom skills for rapid delivery. Average turnaround: 2-4 weeks from broken prototype to production. Bastien Labelle Bastien Labelle Full stack dev w/ 20+ years of experience Antriksh Narang Antriksh Narang 5 years+ Experienced Dev (Specially in Web Development), can help in python, javascript, react, next.js and full stack web dev technologies. PawelPloszaj PawelPloszaj I'm fronted developer with 10+ years of experience with big projects. I have small backend background too Jaime Orts-Caroff Jaime Orts-Caroff I'm a Senior Android developer, open to work in various fields Kingsley Omage Kingsley Omage Fullstack software engineer passionate about AI Agents, blockchain, LLMs.

You don't need to be technical. Just describe what's wrong and a verified developer will handle the rest.

Get Help

Frequently Asked Questions

What is preflight?

Browser sends OPTIONS request to check if server allows cross-origin request. Server responds with allowed methods/headers

How long should preflight cache?

Access-Control-Max-Age: 86400 (24 hours). Longer is better - fewer OPTIONS requests

Which requests need preflight?

Non-simple: PUT, DELETE, POST with custom headers. Simple: GET, HEAD, POST with form-data

Related Bolt Issues

API Route Returns 500 Error - Internal Server Error

api

CORS Error - Cross-Origin Request Blocked

api

API Request Timeout - Endpoint Takes Too Long

api

Webhook Not Receiving Requests - Events Not Triggered

api

Can't fix it yourself?
Real developers can help.

You don't need to be technical. Just describe what's wrong and a verified developer will handle the rest.

Get Help