> ## Documentation Index
> Fetch the complete documentation index at: https://tyk.io/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# CORS issues on developer portal

<Warning>
  **Legacy: Tyk Classic Portal**

  You're viewing documentation for the **Tyk Classic Portal**, which is no longer actively maintained.

  If you're looking for the latest API documentation for the **new Tyk Developer Portal**, please refer to the
  [Postman collection](/5.9/product-stack/tyk-enterprise-developer-portal/api-documentation/tyk-edp-api) or visit the
  [Tyk Developer Portal](/5.9/portal/overview/intro) section.

  The Classic Portal is in maintenance mode and will be deprecated soon. For questions or support, contact us at
  [support@tyk.io](<mailto:support@tyk.io?subject=Tyk classic developer portal>).
</Warning>

### Description

You get following errors in the browser console:

```
Access to fetch at 'https://<Your Gateway URL>/<Your API>/' from origin 'https://<Your Dashboard URL>' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
```

```
POST https://<Your Gateway URL>/<Your API>/ net::ERR_FAILED
```

### Cause

The CORS middleware in the Gateway is blocking this request. This can happen when the CORS settings of the API are not enabled or misconfigured for the developer portal.

### Solution

Make sure that your CORS in the `Advanced Options` of the API is enabled and the settings are correct. This means:

* `Allowed Origins` should allow the developer portal domain
* `Allowed Methods` should allow all methods needed for API documentation (at least `GET` and `POST`)
* `Allowed Headers` should allow at least `Origin`, `Content-Type` and for authenticated requests the authorization header (e.g. `Authorization`)

> **Note:** When creating a new API with Dashboard v3.1 and higher the CORS settings will be prefilled with some default values (but **disabled** by default).

You can learn more about CORS on this pages:

* [CORS in API Definition](/5.9/api-management/gateway-config-tyk-classic#cross-origin-resource-sharing-cors)
* [How to setup CORS](/5.9/api-management/troubleshooting-debugging#how-to-setup-cors)