Blog

webpack-dev-server: CORS, devServer.proxy, and keeping HMR WebSocket origins aligned with your API

Hot Module Replacement uses a second connection; if your API runs on another port, proxy requests so the browser sees one origin for fetch and WS.

Published: 2027-05-02Updated: 2027-05-041 min read

webpackdev-servercors

Proxy vs headers

Proxying `/api` to the backend removes cross-origin fetches in development, which eliminates most preflight noise in Network tabs.

Global devServer.headers apply to all responses; accidental duplication with backend middleware can emit conflicting Allow-Origin values.

sockjs-client and webpack HMR need allowed origins on the dev server—do not conflate them with REST CORS on Nest or Express.

When using HTTPS locally, ensure WSS matches the certificate SANs your browser trusts.