Hello Twitch Developer Support,
I’m currently developing a Twitch Extension that uses a backend hosted on Vercel. The extension frontend is served from https://anilistprofile.vercel.app
, and the backend API endpoints are located at https://anilist-extension.vercel.app/api
.
While testing the extension in Hosted Test mode, I’m encountering a persistent CORS error when trying to send a fetch()
request from the extension to my backend:
Access to fetch at ‘https://anilist-extension.vercel.app/api/save-username’ from origin ‘https://anilistprofile.vercel.app’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.
I’ve already configured my backend to handle CORS properly by explicitly setting the following headers in the response:
Access-Control-Allow-Origin: https://anilistprofile.vercel.app
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Allow-Headers: Content-Type, Authorization
I also handle OPTIONS
preflight requests correctly and return a 200
status.
Despite this, Twitch Hosted Test continues to block the request, and the browser reports a failed fetch due to missing CORS headers. I’ve verified that the headers are present when testing the endpoint directly via curl and Postman.
Could this be related to how Twitch Hosted Test enforces Content Security Policy or origin validation? Is there a specific configuration or domain requirement I need to meet for Twitch to allow communication between these two Vercel-hosted domains?
Any guidance or clarification would be greatly appreciated.
Let me know if you’d like to include screenshots, logs, or a link to your extension manifest for context. I can help you format those too
My repository on github: GitHub - mici1708/anilistprofile