Bolt api

CORS Preflight Request Timeout - OPTIONS Request Failing

POST or other non-simple requests fail because the CORS preflight OPTIONS request times out. Browser doesn't even send the actual request.

Requests work in some browsers but not others, or fail intermittently.

Error Messages You Might See

OPTIONS request timeout Preflight request failed No 'Access-Control-Allow-Methods' header CORS preflight failed
OPTIONS request timeoutPreflight request failedNo 'Access-Control-Allow-Methods' headerCORS preflight failed

Common Causes

  1. Server doesn't handle OPTIONS method
  2. OPTIONS request takes too long to respond
  3. Firewall blocking OPTIONS method
  4. CORS headers missing in OPTIONS response
  5. Preflight cache too short, requesting too frequently

How to Fix It

Ensure server responds to OPTIONS: if(request.method === 'OPTIONS') return new Response(null, { status: 200, headers: corsHeaders })

Response must include CORS headers: 'Access-Control-Allow-Methods', 'Access-Control-Allow-Headers', 'Access-Control-Max-Age'

Set long max-age: 'Access-Control-Max-Age': '86400' (24 hours)

Use middleware to add CORS to all routes

Real developers can help you.

MFox MFox Full-stack professional senior engineer (15+years). Extensive experience in software development, qa, and IP networking. AUXLE AUXLE I am a Full Stack Developer experienced in building Websites, Web apps and Cross Platform Mobile Apps for Startups and Companies. David Olverson David Olverson Solo dev shipping production apps with AI-assisted development. I specialize in rescuing broken Lovable/Bolt/Cursor builds and taking them to production. 10+ apps shipped including SaaS CRMs, gaming platforms, real estate tools, and Discord bots. Stack: Next.js 16, TypeScript, Tailwind CSS, FastAPI, PostgreSQL, Prisma. I use Claude Code with 50+ custom skills for rapid delivery. Average turnaround: 2-4 weeks from broken prototype to production. Matt Butler Matt Butler Software Engineer @ AWS Simon A. Simon A. I'm a backend developer building APIs, emulators, and interactive game systems. Professionally, I've developed Java/Spring reporting solutions, managed relational and NoSQL databases, and implemented CI/CD workflows. zipking zipking I am a technologist and product builder dedicated to creating high-impact solutions at the intersection of AI and specialized markets. Currently, I am focused on PropScan (EstateGuard), an AI-driven SaaS platform tailored for the Japanese real estate industry, and exploring the potential of Archify. As an INFJ-T, I approach development with a "systems-thinking" mindset—balancing technical precision with a deep understanding of user needs. I particularly enjoy the challenge of architecting Vertical AI SaaS and optimizing Small Language Models (SLMs) to solve specific, real-world business problems. Whether I'm in a CTO-level leadership role or hands-on with the code, I thrive on building tools that turn complex data into actionable value. Alvin Voo Alvin Voo I’ve watched the tech landscape evolve over the last decade—from the structured days of Java Server Pages to the current "wild west" of Agentic-driven development. While AI can "vibe" a frontend into existence, I specialize in the architecture that keeps it from collapsing. My expertise lies in the critical backend infrastructure: the parts that must be fast, secure, and scalable. I thrive on high-pressure environments, such as when I had only three weeks to architect and launch an Ethereum redemption system with minimal prior crypto knowledge, turning it into a major revenue stream. What I bring to your project: Forensic Debugging: I don't just "patch" bugs; I use tools like Datadog and Explain Analyzers to map out bottlenecks and resolve root causes—like significantly reducing memory usage by optimizing complex DB joins. Full-Stack Context: Deep experience in Node.js and React, ensuring backends play perfectly with mobile and web teams. Sanity in the Age of AI: I bridge the gap between "best practices" and modern speed, ensuring your project isn't just built fast, but built to last. Antriksh Narang Antriksh Narang 5 years+ Experienced Dev (Specially in Web Development), can help in python, javascript, react, next.js and full stack web dev technologies. Anthony Akpan Anthony Akpan Developer with 8 years of experience building softwares fro startups Luca Liberati Luca Liberati I work on monoliths and microservices, backends and frontends, manage K8s clusters and love to design apps architecture

You don't need to be technical. Just describe what's wrong and a verified developer will handle the rest.

Get Help

Frequently Asked Questions

What is preflight?

Browser sends OPTIONS request to check if server allows cross-origin request. Server responds with allowed methods/headers

How long should preflight cache?

Access-Control-Max-Age: 86400 (24 hours). Longer is better - fewer OPTIONS requests

Which requests need preflight?

Non-simple: PUT, DELETE, POST with custom headers. Simple: GET, HEAD, POST with form-data

Related Bolt Issues

API Route Returns 500 Error - Internal Server Error

api

CORS Error - Cross-Origin Request Blocked

api

API Request Timeout - Endpoint Takes Too Long

api

Webhook Not Receiving Requests - Events Not Triggered

api

Can't fix it yourself?
Real developers can help.

You don't need to be technical. Just describe what's wrong and a verified developer will handle the rest.

Get Help