Why am I getting a CORS error when embedding a form in a post?

If you're seeing a CORS (Cross-Origin Resource Sharing) error after embedding a custom form directly into a beehiiv post, it's likely due to browser security restrictions that prevent requests to external APIs from unapproved sources.

This usually happens when:

• You're embedding a third-party or self-hosted form that submits data directly to an API.
• The form attempts to send data from the post's frontend (in the browser) to a backend service (like the beehiiv API) without proper authorization or CORS configuration.

What causes the error

Modern browsers block cross-origin requests unless explicitly allowed by the server receiving the request. The beehiiv API enforces CORS policies to protect your data and prevent unauthorized access. If your form tries to send data directly to the beehiiv API using client-side JavaScript, the request will be blocked — and your API key would be exposed in the process, which is a security risk.

How to resolve a CORS error

To prevent CORS issues follow these guidelines:

• Avoid sending requests directly to the beehiiv API from the browser. 
• Instead, route the form submission through your own backend server, which acts as a secure proxy.
• Use your server to store and use your API key safely.
• Configure CORS on your server to allow requests from your frontend or domain.

This setup keeps your API key private and avoids browser-level CORS restrictions.