Share via

CORS Policy Error When Using Fetch API in Microsoft Edge Blocks Data Requests from External Server

walter black 36 25 Reputation points
2025-08-03T14:45:49.45+00:00

When attempting to fetch data from an external API using the fetch API in JavaScript, the website works correctly in Chrome and Firefox, but fails in Microsoft Edge. The Edge console displays a CORS policy error:

Access to fetch at 'https://api.example.com/data' from origin 'https://yourdomain.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

This error prevents the website from receiving data from the external server in Microsoft Edge. The issue is caused by the absence of the Access-Control-Allow-Origin header in the server’s response, which is strictly enforced by Edge’s security policy.

Microsoft Edge | Microsoft Edge development
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Damien Pham (WICLOUD CORPORATION) 1,755 Reputation points Microsoft External Staff Moderator
    2025-08-05T04:08:03.9166667+00:00

    Hello Travis Scott,

    Thank you for reaching out regarding the issue you're experiencing with CORS requests failing in Microsoft Edge while functioning correctly in Chrome and Firefox.

    After reviewing your scenario and analyzing relevant community discussions, including insights from Stack Overflow, we’ve identified that Microsoft Edge enforces a stricter zone-based security model which can block cross-origin requests under certain conditions.

    The problem you are experiencing possibly caused by Edge classify your site under the Internet Zone, and if the API you're accessing is hosted on a local or private network, the browser may block the request due to Enhanced Protected Mode (EPM) or AppContainer sandboxing. This behavior differs from Chrome and Firefox, which do not apply the same zone-based restrictions.

    Here are my recommendations:

    1. Use a Proxy Server If modifying the API server is not feasible, you can set up a backend proxy on your domain to relay requests to the external API. This avoids CORS entirely by keeping the request within the same origin.
    2. Test with Fiddler or Similar Tools Running Fiddler can temporarily alter how Edge classifies your site (e.g., as part of the Local Intranet Zone), allowing the request to succeed. This is useful for confirming the issue is zone-related.
    3. Adjust Edge Security Zone Settings (Advanced Users) You may manually add your domain to the Trusted Sites or Local Intranet Zone via Internet Options. Please note this is not recommended for production environments due to potential security implications.
    4. Host Frontend and API on the Same Domain In production, hosting both components under the same origin eliminates CORS concerns entirely.

    Please feel free to reach out if you need assistance with further diagnostics, configuration guidance, or understanding how CORS is handled in specific enterprise scenarios.

    Best regards

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.