Working around CORS in create-react-app

Working around CORS in create-react-app

One problem we often face as frontend developers is dealing with CORS when making API requests.

What is CORS?

CORS (Cross-Origin Resource Sharing) is essentially a mechanism that allows a server to express what other domains can make requests to it. For example, my app could be hosted on, so only requests made from that same domain are allowed. If another app hosted on tried to make a request to, it would fail depending on the CORS policy.

Where does CRA fit in?

While using CRA (create-react-app), I've often run into a situation where I want to test my local changes against another team's API endpoint. I mean, there's only so much mocking you can rely on! By default, CRA runs locally on http://localhost:3000, so if I try to make an API request out to, CORS would block it. However, when developing locally, CRA lets us get around this by proxying all unknown requests to a specified domain. This can now help us make sure our frontend code lines up with the backend's responses.

What's the workaround?

All we need to do is add one new field in package.json. For example:

"proxy": "",

After you restart your CRA dev server, you should now be free to make requests to This will of course only work locally and you should only make requests to a dev API endpoint, not production. That's it!

Want to see more?

I mainly write about real tech topics I face in my everyday life as a Frontend Developer. If this appeals to you then feel free to follow me on Twitter:

Bye for now 👋