API Call Blocked By CORS [Apex Legends]

I’m trying to call the Apex Legends API from a local server built with Node + Express. I have a JS script that runs:


I have not found a way to fix the error I’m getting (“http://” has been deleted from the below error because TRN doesn’t allow more than two links) :

Access to fetch at ‘public-api.tracker.gg/v2/apex/standard/profile/xbl/itspecailk/sessions’ from origin ‘http://localhost:8082’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: The ‘Access-Control-Allow-Origin’ header has a value ‘tracker.gg’ that is not equal to the supplied origin. Have the server send the header with a valid value, or, if an opaque response serves your needs, set the request’s mode to ‘no-cors’ to fetch the resource with CORS disabled.

I’ve spent many hours now try to learn as much as I can about CORS. I’ve attempted various tries at a solution but have determined several of the solutions I’m finding are from the perspective of the developer trying to build the server fulfilling the request, rather than my situation, a server making the request. If anyone can point me in any direction at all that could help, it would be hugely appreciated as I’m getting incredibly frustrated by this error.



I tried a quick call to the same endpoint using Postman, and I’m not receiving the same CORS error.

All I sent was a GET with the following headers, maybe there’s a difference in here that you’re not using with your call?

Request Headers
User-Agent: PostmanRuntime/7.29.0
Accept: */*
Cache-Control: no-cache
Postman-Token: <redacted>
Host: public-api.tracker.gg
Accept-Encoding: gzip, deflate, br
Connection: keep-alive

Hi @KyleMo,

This error occurs if your frontend sends a request to a website on a different domain. There are two possible options to avoid CORS:

  1. If you are building a project for your personal use or educational purposes, you can use a browser extension to disable the CORS policy (for example, you could try CORS Unblock - Chrome Web Store). Please note that it will be disabled on your computer only.

  2. Use backend to send requests. It is a proper way to access the API data and you will be able to find many articles about it depending on what you are using (e.g., Node.js, C#, Java, Go, Python, etc.)

If you still have questions, please let me know.

Hi @vindictivesmurf ,

Thanks for the suggestion. Running it through Postman also works for me. I have included all the headers they have and still no luck. Nonetheless, I’m going to go ahead and try what @LostBlood recommended.


Thanks so much for the help here. I’ll get this implemented as soon as possible. Have a great weekend!