How to enable CORS for method GET for a specific domain in my VTEX admin

I'm getting the following error:

XMLHttpRequest cannot load Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin '' is therefore not allowed access. The response had HTTP status code 405.

when making an HTTP GET request from my Angular app, so how can I enable CORS for my VTEX admin to allow the access? Thanks in advance.

@Christian Arturo Bohórquez García unfortunately you can't make a request to the VTEX API directly from the browser, because this way you will expose your authentication credentials. To do this, you would need to develop a back-end server to which your website makes a GET, and the server then makes a GET to the VTEX API.

VTEX has some libraries that you can use to receive some data, and then handle the response using Angular.



@Mateus Augusto Saggin thanks for your answer, but I think my problem wasn't clear enough. I'm getting an 'Access-Control-Allow-Origin' error when I make a GET request from my Angular app to the following VTEX URL:, in that request I'm neither sending nor obtaining any authentication credentials, I don't even have any session at all, I'm just making a GET request to obtain an XML or a JSON with the current CheckoutCart and OrderForm data.

If I paste the VTEX URL into a Chrome browser, I obtain exactly what I need as an XML answer with all the data, or if I test that URL with a GET request from Postman I get exactly what I need as a JSON answer with all the data, BUT when I make a GET request from my Angular app, I get an 'Access-Control-Allow-Origin' error. I just want to obtain an answer like Postman or like Chrome from my Angular app.

@Christian Arturo Bohórquez García I understand your question, however this is a security measure implemented by browsers to prevent fraud and unauthorized access to resources in other domains.

You can check more in this link:


But basically the problem is that VTEX doesn't send the Access-Control-Allow-Origin: * header in the response. The request is then blocked.
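
The back-end relay suggested in the answers above could look like the sketch below. It is an added example, not code from the thread or from VTEX: it answers the preflight itself, allows GET only, and echoes a single allow-listed origin instead of `*`. The origin `https://shop.example`, the path `/cart` and the upstream URL are hypothetical placeholders.

```javascript
// Added example (not from the thread). Origin, path and upstream URL are placeholders.
const ALLOWED_ORIGINS = new Set(['https://shop.example']); // the one front-end origin
const RELAY_PATH = '/cart';                                 // only path the relay serves
const UPSTREAM = 'https://upstream.example/cart';           // fixed upstream resource

// Decide the status and CORS headers from the method and Origin header alone.
function corsDecision(method, origin, requestedMethod) {
  const headers = { Vary: 'Origin' }; // caches must key on Origin
  const allowed = ALLOWED_ORIGINS.has(origin);
  if (allowed) headers['Access-Control-Allow-Origin'] = origin; // echo it, never '*'
  if (method === 'OPTIONS') {
    // Answer the preflight here so it does not fall through to a 405.
    if (!allowed || requestedMethod !== 'GET') return { status: 403, headers, forward: false };
    headers['Access-Control-Allow-Methods'] = 'GET';
    headers['Access-Control-Allow-Headers'] = 'Content-Type';
    return { status: 204, headers, forward: false };
  }
  if (method !== 'GET') {
    return { status: 405, headers: { ...headers, Allow: 'GET, OPTIONS' }, forward: false };
  }
  // Any other browser origin is refused; no Origin means non-browser or same-origin.
  if (origin !== undefined && !allowed) return { status: 403, headers, forward: false };
  return { status: 200, headers, forward: true };
}

// Node-style handler; fetchImpl is injectable so the relay can be exercised offline.
function makeHandler(fetchImpl = fetch) {
  return async (req, res) => {
    if (req.url !== RELAY_PATH) { res.writeHead(404); return res.end(); }
    const d = corsDecision(req.method, req.headers.origin,
      req.headers['access-control-request-method']);
    if (!d.forward) { res.writeHead(d.status, d.headers); return res.end(); }
    try {
      // Server-side GET: any API credentials are attached here, never in the browser.
      const up = await fetchImpl(UPSTREAM, { headers: { Accept: 'application/json' } });
      const body = await up.text();
      const type = up.headers.get('content-type') || 'application/json';
      res.writeHead(up.status, { ...d.headers, 'Content-Type': type });
      res.end(body);
    } catch (err) {
      res.writeHead(502, d.headers);
      res.end();
    }
  };
}
// Wiring, left commented so nothing listens on import:
// require('http').createServer(makeHandler()).listen(8080);
```

Because the relay serves one fixed upstream resource rather than forwarding arbitrary paths, it cannot be used as an open proxy to the API behind it.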