Configure a webhook trigger for CORS requests

Though this is related to triggers, it's most often used in conjunction with App Builder. Learn more about Rewst's App Builder in our documentation here.

What is a CORS request?

When referencing a Rewst web hook in JavaScript in an App Builder page— or outside of Rewst— you may see the error TypeError: Failed to fetch. This happens when the browser blocks your request because it does not allow cross-origin requests by default.

To make your webhook accessible from a web page, you must configure CORS (Cross-Origin Resource Sharing) headers and enable OPTIONS requests on your webhook.

Note that wait for webhook cannot be set to true for this to work. Additionally, this webhook shouldn't use a secret key.

Add CORS headers to your web hook response

Open your webhook trigger inside the workflow.
Open the response headers.
Add the following headers:

{
"Content-Type": "application/json",
"Access-Control-Allow-Origin": "https://YOURDOMAINHERE",
"Access-Control-Allow-Methods": "POST, GET, OPTIONS",
"Access-Control-Allow-Headers": "Content-Type"
}

Important - Match the exact origin of your site.

✅ https://bclimer-cors-test.rew.st

❌ https://bclimer-cors-test.rew.st/

Avoid using * unless the webhook is fully public and returns no sensitive data.

Reference table

Header

Description

Example

Access-Control-Allow-Origin

Defines which site may call your webhook

https://your-frontend-domain.com

Access-Control-Allow-Methods

Lists allowed HTTP verbs

GET, POST, OPTIONS

Access-Control-Allow-Headers

Lists allowed custom headers

Content-Type

OPTIONS

Preflight permission check

Must return 200 with headers

Handle OPTIONS preflight requests

Browsers send an OPTIONS request before certain POST or PUT requests to confirm that CORS is allowed. Your webhook must allow OPTIONS requests for this to succeed.

Add OPTIONS under the Allowed Methods field of your Trigger Parameters menu in workflow settings.

Troubleshoot the CORS webhook trigger

Trailing slash in origin

Try removing the slash from the end of your domain.

Missing OPTIONS handler

Add the OPTIONS method to the webhook.

PreviousTrigger use cases and examples NextCustomize PSA ticket triggers

Last updated 9 days ago

Was this helpful?

hashtagWhat is a CORS request?

hashtagAdd CORS headers to your web hook response

hashtagReference table

hashtagHandle OPTIONS preflight requests

hashtagTroubleshoot the CORS webhook trigger

hashtagTrailing slash in origin

hashtagMissing OPTIONS handler