CORS errors with App Platform; Access-Control-Allow-Credentials

Today, I was beginning the setup of a new service. After finally getting ready to start working on the authentication flows, I was greeted with Chrome spitting out Access-Control-Allow-Credentials errors. My CORS configuration is correct, however, I can’t seem to find a way to allow this through DigitalOceans app platform. The way our app is structured, we use a subdomain to handle all API requests and fetch data from it.

Has anyone heard anything about this, or know how to fix this issue? As far as I can tell, DigitalOcean has nothing for it, and manually setting this in my application code does not work either. Any help would be seriously appreciated.

It looks like I’m not the only one having this problem, and this is causing me major frustrations as it opens us to security problems having to store session tokens on the clients localStorage [which I refuse to do] It seems they’ve ignored the idea of doing this as well.


Looks like this is still an issue now, 1st of June 2021, what a shame.

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

@sloss196 @merryowen I finally solved this exact same problem by editing the App specification manually and uploading it to the App configuration in DO.

To set Access-Control-Allow-Credentials to True, you can add the following to the app spec:

- cors:
    allow_credentials: True

Unfortunately, this doesn’t seem to be directly accessible via UI. The app spec file also provides many other configuration options, see

Same with me, just setup my api app and front-end app setup in digital ocean and just need to setup Access-Control-Allow-Credentials = true header to have all working… but if i cant the whole setup isn’t going to work 🤦‍♂️