CORS Origin Problem while creating Customer from frontend

Access to XMLHttpRequest at ‘’ from origin ‘http://localhost:3000’ has been blocked by CORS policy: Request header field pragma is not allowed by Access-Control-Allow-Headers in preflight response.

I am trying to create customer from the frontend(React JS) using the clientToken generated from the NodeJS Server. Getting the above error.

Am I missing something in the code ? OR if the CustomerCreation is required to be called from the Server instead of client.

await axios(,
method: ‘POST’,
headers: {
Accept: ‘application/vnd.dwolla.v1.hal+json’,
Authorization: Bearer ${dwollaToken}
data: {
firstName: ‘Test’
lastName: ‘Name’
email: ‘’
if (customerCreationResponse.status === 201) {

This API Call is working with CORS UNBLOCK extension in Client Browser.

Hi @Ank – I appreciate the detailed post!

You got it right, all calls to the API needs to be made from the server-side.

@shreya Are the drop in components some kind of exception to this rule?

We have been seeing similar issues recently but previously had success generating tokens from the back end server and passing them to the front end for the drop-in components to directly communicate PII and PCI data to the Dwolla APIs.

@YourLandLoans Yes, the drop-in components library (dwolla-web.js) would be an exception to this rule. There are various endpoints that the the drop-ins library calls that are opened up for CORS requests.

1 Like