Uncategorized

How to Fix CORS Error in Express.js: Causes, Solutions & Code Examples If you have ever built an API with Express.js and tried to call it from a frontend running on a different domain or port, you have almost certainly run into the dreaded CORS error. The browser console flashes a red message like “Access to fetch at … has been blocked by CORS policy” and your request silently fails. The good news: CORS errors are predictable and fixable once you understand what is happening behind the scenes. In this guide published by the GeminiWeb team, we will walk you through every common cause of CORS issues in Express.js and give you clear, copy-paste code examples for each fix. Whether you are dealing with simple requests, preflight failures, credentials, or multiple allowed origins, this post has you covered. What Is CORS and Why Does the Error Happen? CORS stands for Cross-Origin Resource Sharing. It is a security mechanism enforced by web browsers. When your frontend (e.g., https://app.example.com) makes an HTTP request to a backend on a different origin (e.g., https://api.example.com), the browser checks specific HTTP response headers to decide whether the frontend is allowed to read the response. If those headers are missing or misconfigured on your Express.js server, the browser blocks the response and throws a CORS error. Important: the server still processes the request. CORS is a browser-side enforcement, not a server-side block. Key CORS Response Headers Header Purpose Access-Control-Allow-Origin Specifies which origin(s) can access the resource Access-Control-Allow-Methods Lists the HTTP methods (GET, POST, PUT, DELETE, etc.) allowed Access-Control-Allow-Headers Lists the custom headers the client is permitted to send Access-Control-Allow-Credentials Indicates whether cookies/auth headers are allowed Access-Control-Max-Age How long (in seconds) the browser can cache the preflight response Most Common Causes of CORS Errors in Express.js Before jumping to solutions, let’s identify the root causes. In our experience at GeminiWeb working on dozens of Node.js projects, these are the issues we see most often: No CORS headers set at all on the Express server. Misconfigured Access-Control-Allow-Origin (wrong value, missing protocol, or typo). Preflight (OPTIONS) requests not handled, causing PUT/PATCH/DELETE or custom-header requests to fail. Credentials mode enabled on the client but the server uses a wildcard (*) origin. Multiple or dynamic origins not supported by the configuration. Middleware order issues where CORS headers are set after the route handler runs or after an error is thrown. Reverse proxy or hosting platform stripping headers before they reach the browser. Let’s fix each one. Solution 1: Use the cors npm Package (Quickest Fix) The fastest way to fix CORS errors in Express.js is to install the official cors middleware package. Step-by-step Install the package: npm install cors Import and use it in your Express app: const express = require(‘express’); const cors = require(‘cors’); const app = express(); // Enable CORS for all origins app.use(cors()); app.get(‘/api/data’, (req, res) => { res.json({ message: ‘CORS is working!’ }); }); app.listen(3000, () => { console.log(‘Server running on port 3000’); }); This adds Access-Control-Allow-Origin: * to every response. It is great for development, but not recommended for production because it allows any website to read your API responses. Solution 2: Allow a Specific Origin For production, you should restrict access to trusted domains only. app.use(cors({ origin: ‘https://myapp.example.com’ })); Now only requests originating from https://myapp.example.com will receive the proper CORS headers. Requests from any other origin will be blocked by the browser. Common mistake: forgetting to include the protocol. myapp.example.com without https:// will not match and the error will persist. Solution 3: Allow Multiple Origins If your API serves several frontends (e.g., a marketing site and a dashboard), you need to dynamically set the origin header. const allowedOrigins = [ ‘https://myapp.example.com’, ‘https://dashboard.example.com’, ‘http://localhost:5173’ ]; app.use(cors({ origin: function (origin, callback) { // Allow requests with no origin (e.g., mobile apps, curl) if (!origin) return callback(null, true); if (allowedOrigins.includes(origin)) { return callback(null, true); } else { return callback(new Error(‘Not allowed by CORS’)); } } })); Pro tip: store your allowed origins in an environment variable so you can change them without redeploying. # .env CORS_ORIGINS=https://myapp.example.com,https://dashboard.example.com const allowedOrigins = process.env.CORS_ORIGINS.split(‘,’); Solution 4: Handle Preflight Requests Properly What is a preflight request? Before sending certain requests (e.g., PUT, PATCH, DELETE, or any request with custom headers like Authorization), the browser sends a preliminary OPTIONS request called a preflight. If your server does not respond to this OPTIONS request with the correct headers, the actual request never fires. Fix with the cors package If you are using app.use(cors()) before your routes, preflight is handled automatically. But if you applied CORS only to specific routes, you also need to handle OPTIONS: // Enable preflight for all routes app.options(‘*’, cors()); // Then apply cors to your specific route app.get(‘/api/data’, cors(), (req, res) => { res.json({ message: ‘Hello’ }); }); Fix without the cors package (manual headers) app.use((req, res, next) => { res.header(‘Access-Control-Allow-Origin’, ‘https://myapp.example.com’); res.header(‘Access-Control-Allow-Methods’, ‘GET, POST, PUT, DELETE, OPTIONS’); res.header(‘Access-Control-Allow-Headers’, ‘Content-Type, Authorization’); // Handle preflight if (req.method === ‘OPTIONS’) { return res.sendStatus(204); } next(); }); Returning a 204 No Content status for OPTIONS tells the browser “go ahead, the actual request is allowed.” Solution 5: Fix CORS When Using Credentials (Cookies / Auth Headers) If your frontend sends cookies or an Authorization header, you need two things: The client must set credentials: ‘include’ (Fetch API) or withCredentials: true (Axios). The server must set Access-Control-Allow-Credentials: true and must not use a wildcard * for the origin. Client-side (Axios example) axios.get(‘https://api.example.com/user’, { withCredentials: true }); Server-side app.use(cors({ origin: ‘https://myapp.example.com’, credentials: true })); If you use origin: ‘*’ together with credentials: true, the browser will reject the response. This is one of the most frequent mistakes we see. Solution 6: Expose Custom Response Headers By default, the browser only exposes a limited set of response headers to JavaScript. If your API returns a custom header (like X-Total-Count for pagination), you need to explicitly expose it: app.use(cors({ origin: ‘https://myapp.example.com’, exposedHeaders: [‘X-Total-Count’, ‘X-Request-Id’] })); Solution 7: Fix Middleware Order Issues Express processes middleware in the order it

Why Kerning Can Make or Break Your Logo You have spent hours choosing the perfect typeface for a logo. The colors are right, the concept is strong, and the overall layout looks great. But something still feels off. The letters look awkward, cramped in some places and too loose in others. The problem? Bad kerning. Kerning is the adjustment of horizontal spacing between two individual letters. It is one of the most overlooked details in logo design, yet it is one of the most important. Poor kerning makes a logo look amateurish. Proper kerning makes it look polished, balanced, and unmistakably professional. In this guide, we will walk you through exactly how to kern a logo step by step. You will learn how to spot common kerning problems, fix them in popular design software, and develop an eye for letter spacing that separates amateur work from expert-level design. What Is Kerning, Exactly? Before we dive into the practical steps, let us make sure the definition is crystal clear. Kerning is the process of adjusting the space between two specific letters in a word. It is not the same as tracking (which adjusts spacing uniformly across an entire word or block of text) or leading (which controls vertical line spacing). Every letter has a unique shape. Some letters, like “A” and “V,” naturally create awkward gaps when placed next to each other. Others, like “H” and “I,” tend to sit more evenly. Kerning addresses those uneven gaps on a pair-by-pair basis. Kerning vs. Tracking vs. Letter Spacing: A Quick Comparison Term What It Adjusts When to Use It Kerning Space between two specific letters Logo design, headlines, display type Tracking Uniform spacing across a whole word or line Body text, stylistic all-caps treatments Letter Spacing (CSS) Similar to tracking, applied in web/code Web design, CSS styling For logo work, manual kerning is essential. Auto-kerning settings in design software get you part of the way there, but they almost never produce perfect results for display-size typography like logos. How to Spot Bad Kerning in a Logo The first step in learning how to kern a logo is training your eye to recognize problems. Here are the most common signs of poor kerning: Uneven “rivers” of space: Some letter pairs have wide gaps while others are tightly packed. Letters that appear to touch or collide: Certain combinations look like they are merging into one shape. Words that read as two separate words: A large gap in the middle of a word can split it visually. An overall “wobbly” feeling: The word does not look balanced even though you cannot immediately pinpoint why. Problematic Letter Combinations to Watch For Some letter pairings are notorious for causing kerning headaches. Keep a close eye on these combinations: AV, AW, AT, AY – The diagonal and horizontal shapes create large triangular gaps. RA, PA, FA – The arm or crossbar of the first letter creates space above the “A.” To, Tr, Ta – The overhang of the “T” leaves excessive room next to lowercase letters. LT, LY, LA – The open right side of “L” creates visible holes. WA, VA, Yo – Diagonal strokes paired with round or angled letters. ry, ly, ty – Lowercase combinations that often need tightening. If your logo contains any of these pairs, you will almost certainly need to adjust the kerning manually. How to Kern a Logo: Step-by-Step Process Now let us get into the practical workflow. This process works regardless of which design tool you use, whether that is Adobe Illustrator, Figma, Affinity Designer, or another application. Step 1: Type Out Your Logo Text and Choose Your Font Start by setting your logo text in the typeface you have selected. Use a large point size so that spacing issues are easier to see. Working at 150pt or larger on screen is a good starting point. At this stage, leave the kerning on the default “Auto” or “Metrics” setting. This gives you the font designer’s built-in kerning as your baseline. Step 2: Switch to Optical Kerning (Optional Starting Point) Most professional design tools offer an “Optical” kerning mode that calculates spacing based on the actual shapes of the letters rather than the font’s built-in kerning table. Try both Metrics and Optical settings and see which one gives you a better starting point. For many display fonts, Optical kerning produces a more even result. But neither setting will be perfect for logo work, so manual adjustment is always the next step. Step 3: Kern in Groups of Three Letters This is one of the most effective techniques professional typographers use. Instead of trying to evaluate an entire word at once, break it down into groups of three consecutive letters. Here is how it works: Look at the first three letters of your logo text. Focus only on those three. Adjust the spacing between the first and second letter until the gap looks visually equal to the gap between the second and third letter. Move forward by one letter. Now look at letters 2, 3, and 4. Repeat the process. Continue until you reach the end of the word. Go back to the beginning and repeat the entire process one or two more times. The goal is not to make every gap exactly the same number of pixels. The goal is to make every gap feel visually equal. Because letters have different shapes (round, straight, diagonal, open), the actual measured distances will vary. What matters is the perceived balance of space. Step 4: Use the Squint Test Once you have completed your initial kerning pass, squint your eyes or step back from your screen. When the letters blur slightly, uneven spacing becomes much more obvious. You will see dark clumps where letters are too tight and bright holes where they are too loose. This simple technique is used by professional designers every day. It works because squinting removes your ability to read the actual letters, forcing your brain to evaluate the rhythm