Cross-Origin Resource Sharing (CORS) is a security measure implemented by all modern browsers that help keeps your navigation secure by preventing attack vectors like Cross-Site Scripting. The Orbit API adheres to the CORS mechanism by only allowing API calls originating from a restricted number of domains.
In practice, this means that you cannot make browser-based API calls from a Single-Page Application. Calling the Orbit API from your React (or Vue, or Angular…) components using client-side
You can work around this restriction by making your client-side API call into a server-side one:
- If your Single-Page Application works on top of a dedicated backend, you can implement the Orbit API call in that backend;
- If your Single-Page Application has no dedicated backend (à la Jamstack), you can leverage Netlify Functions, Vercel Serverless Functions, AWS Lambdas, or similar services to move the API call to the server.