Blog

Vite dev server: CORS, server.proxy configuration, and SSR fetch to internal APIs during development

Vite’s dev server can proxy JSON and SSR module requests; align CORS headers only on routes that must be called cross-origin from the browser.

Published: 2027-05-08Updated: 2027-05-101 min read

vitecorsssr

SSR data loaders

Server-side loaders often bypass CORS—still mirror Allow-Origin in integration tests that hit the real dev server.

When SSR fetches the same origin as the page, you avoid preflight entirely for document navigation.

Bundling libraries with Vite may expose demo pages—tighten dev server CORS for demos that load third-party scripts.

Preview mode (`vite preview`) should mimic production nginx headers to catch misconfigurations early.