V2 CORS Support


Is there no CORS support? I am receiving an error in preflight “No ‘Access-Control-Allow-Origin’ header is present on the requested resource”. Sample JavaScript code (with API key removed) pasted below. Thanks in advance for any assistance.

var OS_KEY = 'xxxxxxxxx'; // Actual API key filled in
var API_url = 'https://openstates.org/graphql';
var myQuery = '{people(first: 3){edges{node{name}}}}';

// Request headers, including the API key header
var myHeaders = new Headers();
myHeaders.append('Accept', 'application/json');
myHeaders.append('Content-Type', 'application/json');
myHeaders.append('X-API-KEY', OS_KEY);

// POST the GraphQL query as JSON
fetch(API_url, {
  method: 'POST',
  mode: 'cors',
  headers: myHeaders,
  body: JSON.stringify({query: myQuery}),
});


Yeah, I’m getting the same error. This drastically limits the usefulness of the v2 api for me.

I’m going to proxy all the queries from my server, and wrap them in a simpler API for client-side usage.


You should post an issue at https://github.com/openstates/openstates.org/issues. There isn’t one yet, and that will get it onto the wishlist.


Just jumping in to say that I’m also experiencing this issue for a client, and it severely limits the usability of v2 for me. Hoping something can get fixed soon, and going to go check GitHub now to see if there is an existing issue.


@mcarmody has posted an issue on this:

Other folks for whom this is a problem may want to give it a thumbs-up.


Just pushed what I believe is a fix for this if people can confirm! Sorry about that!



I’m getting the same error as the original post. Not sure what’s the best way to fix.

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://openstates.org/graphql. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing)

I can get it to work by using the disable-web-security option when opening Chrome from the terminal.

Does this API use CORS? If so, is it set to allow all?

Not sure how I can get it to work other than using a proxy/server for the AJAX requests.

Any help would be greatly appreciated.

My current request looks like this:

fetch('https://openstates.org/graphql', {
  method: 'POST',
  mode: 'cors',
  headers: { 'Content-Type': 'application/json', 'X-API-KEY': sunlight },
  body: JSON.stringify({ query: myQuery }),
});



Can you open a new ticket for this? Please include the response you get from the server as I’m seeing CORS headers in my requests so far so we’ll need to figure out what’s different.


Hi James,

Thanks for the suggestion. I put in a ticket.
I’m kinda new to programming so maybe it’s something easy I’m missing.

Thanks again,
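
Added example, not part of the original thread and not Open States code: a simplified JavaScript check of whether a preflight (OPTIONS) response would let a browser send the request from the posts above, which is the comparison the request for the server's response calls for. It assumes a non-credentialed request; the origin `https://app.example`, the function names and both sample response header sets are constructed for illustration.

```javascript
// Added example; simplified from the Fetch standard's CORS rules for
// non-credentialed requests. All header sets below are constructed samples.
const SAFE_HEADERS = new Set(['accept', 'accept-language', 'content-language', 'content-type']);
const SAFE_CONTENT_TYPES = new Set([
  'application/x-www-form-urlencoded', 'multipart/form-data', 'text/plain']);

// Lower-case header names so every lookup is case-insensitive.
function normalize(headers) {
  const out = {};
  for (const [k, v] of Object.entries(headers)) out[k.toLowerCase()] = String(v).trim();
  return out;
}

// Request headers the server must approve via Access-Control-Allow-Headers.
function headersNeedingApproval(requestHeaders) {
  const h = normalize(requestHeaders);
  return Object.keys(h).filter((name) => {
    if (!SAFE_HEADERS.has(name)) return true;            // e.g. x-api-key
    if (name !== 'content-type') return false;
    const mime = h[name].split(';')[0].trim().toLowerCase();
    return !SAFE_CONTENT_TYPES.has(mime);                // application/json is not safelisted
  }).sort();
}

// Reasons a browser would block the request, given the OPTIONS response headers.
// POST is a CORS-safelisted method, so Access-Control-Allow-Methods is not checked.
function preflightProblems(origin, requestHeaders, responseHeaders) {
  const res = normalize(responseHeaders);
  const problems = [];
  const allowOrigin = res['access-control-allow-origin'];
  if (allowOrigin === undefined) problems.push('Access-Control-Allow-Origin missing');
  else if (allowOrigin !== '*' && allowOrigin !== origin) problems.push(`origin ${origin} not allowed`);
  const allowed = (res['access-control-allow-headers'] || '')
    .split(',').map((s) => s.trim().toLowerCase());
  for (const name of headersNeedingApproval(requestHeaders)) {
    if (!allowed.includes(name) && !allowed.includes('*')) problems.push(`header ${name} not allowed`);
  }
  return problems;
}

// The request from the thread (API key replaced by a placeholder).
const request = { Accept: 'application/json', 'Content-Type': 'application/json', 'X-API-KEY': 'PLACEHOLDER' };
const noCors = { 'Content-Type': 'text/html' };
const withCors = { 'Access-Control-Allow-Origin': '*',
  'Access-Control-Allow-Headers': 'content-type, x-api-key' };
console.log(preflightProblems('https://app.example', request, noCors));
console.log(preflightProblems('https://app.example', request, withCors));
```

The same function can be fed the headers copied from the failing OPTIONS entry in the browser's network panel, which shows which of the three conditions the server response does not meet.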

