Persistent CORS Error with n8n Cloud Webhook Despite Environment Variables

Questions
1

Hi n8n Community,

I’m having trouble resolving a persistent CORS error when trying to connect a custom frontend UI (hosted on Netlify) to an n8n Cloud webhook trigger.

Setup:

  • Frontend: Custom HTML/JavaScript using fetch (POST request with Content-Type: application/json ). Hosted on Netlify.
  • Frontend Origin URL: https://67f1a5c6904f4600085bbd69--la-roca-cafe-demo.netlify.app (Verify this is the latest URL if Netlify has redeployed)
  • Backend: n8n Cloud instance (brucelee707.app.n8n.cloud ) using a standard “Webhook” trigger node, configured to respond using a “Respond to Webhook” node.

Problem:

When the frontend attempts to fetch data from the n8n webhook URL, the browser console shows a CORS preflight error: Access to fetch at 'https://brucelee707.app.n8n.cloud/webhook/...' from origin 'https://67f1a5c...netlify.app' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Troubleshooting Steps Taken:

I’ve followed the standard documentation for configuring CORS on n8n Cloud by setting environment variables in the instance dashboard (“Variables” section):

  1. Set WEBHOOK_CORS_ALLOWED_ORIGINS to the exact Netlify origin URL above. Saved. Error persisted.
  2. Set WEBHOOK_CORS_ALLOWED_METHODS to GET,HEAD,POST,PUT,DELETE,OPTIONS . Saved. Error persisted.
  3. Set WEBHOOK_CORS_ALLOWED_HEADERS to Content-Type, Authorization, X-Requested-With, Accept . Saved. Error persisted.
  4. Tried using the alternative N8N_ALLOWED_ORIGINS , N8N_ALLOWED_METHODS , N8N_ALLOWED_HEADERS keys instead. Saved. Error persisted.
  5. Tried setting the _ORIGINS variable value to * as a temporary diagnostic test. Saved. Error still persisted.
  6. Checked carefully for typos in keys and values.
  7. Looked for, but could not find, any explicit “Restart” or “Redeploy” option for the instance in the n8n Cloud dashboard after saving the variables.

Question:

Despite setting the recommended CORS environment variables correctly (including testing with * ), my n8n Cloud instance doesn’t seem to be sending the required Access-Control-Allow-Origin header in the preflight response.

Is there another environment variable name I should be using for CORS on n8n Cloud? Is there a known issue, or is a manual instance restart required after changing variables, and if so, how can I trigger it? Any other suggestions would be greatly appreciated!

Thanks!

2

Hi, what is the result if you set it manually on the webhook itself, like in this post : No ‘Access-Control-Allow-Origin’ header is present on the requested resource - #12 by jan

reg,
j.

3

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.