CORS Issue when trying to call Workflow through retool on webpage?

Hi guys,

I created a retool to catch data from a database with a webhook, so that I can display the data on a web page.

The workflow works like this:

  1. Webhook trigger
  2. I run a SQL query to fetch data from the DB
  3. I return the response to the webhook

Everything works, but I am now calling this webhook on a web page, and I am running into a CORS issue, which tells me that the domain is not authorized.

How can I by pass this since Retool doesn't allow us to whitelist domains; I believe?

I have the same issue, did you find a solution?

Hey folks! This is actually an active bug on our end. The dev team is looking into, fixing these errors and I can report back here when something has been pushed!

Also facing this issue...

Same. Can't move forward.

1 Like

Got it, I've bumped the ticket but we don't have an eta for it at the moment. Sorry that you're blocked - thanks for reporting it so that we have a better sense of how many people it's impacting!


Hey folks! The dev team pushed a fix for this with the 3.7 release - can you let me know if you're still having issues on that version?

1 Like

Hey, I am running into a CORS issue that seems to be introduced about 7 hours ago. Previously working fine because our team has an internal proxy that we use to call a retool workflow from our webpage.

I am wondering, is this related to the deploy?

Sorry for the late reply here @Gagandeep_Gill, what exactly is there CORS error you're seeing? And would you mind expanding a bit more on how you're making the request for my understanding?

Hey, did the CORS issue ever get fixed? I tried running a server that a JavaScript Resource would trigger locally with a fetch function to retrieve the data on it's behalf, but it's still running into this issue.

I read somewhere that the {{proxy}} function might work?

Hey @fcicyber!

JavaScript in Retool is typically sandboxed which can cause CORS errors when making fetch requests since they'll come from a null origin. I'd typically recommend using a REST query and calling that from within your JavaScript (e.g. using a Workflows function). Is there a particular reason you need to use fetch specifically?

Hey thanks for replying, Kabirdas!

Yeah, the reason for the using the fetch function is that our one vendor requires a dynamic edit in the header for each client we have on that vendor. So given 5 clients on that vendor, there might be 5 different domain regions I would have to call but with the same credentials, and then put them all in the same table.

Fetch allowed us to configure the REST GET call per each client, since we could not inject a variable in the headers option like you can with the body parameters in Retool Resources.

Curious to know more about your setup @fcicyber, particularly how the headers need to be passed. You should be able to pass dynamic header values through your function's parameters with something like the following:

Does your use case differ from the example above in a certain way?