CORS & AJAX
Cross-origin requests work out of the box. No configuration needed.
What does this mean?
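Your website and Flowqen are on different domains. By default, browsers stop a page's scripts from reading responses that come from another domain. Flowqen sends special headers that tell the browser to allow it. This is called CORS (Cross-Origin Resource Sharing).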
Response headers Flowqen sends
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Allow-Headers: Content-Type
Restrict to specific domains
Want only your website to submit to your form? Add allowed origins in Settings.
Comma-separated. Leave empty to allow all origins.
[Image: Form settings panel showing Allowed Origins field under CORS configuration]
Use cases
Single Page Apps
React, Vue, and Angular apps send forms via fetch(). CORS headers make this work seamlessly.
SPAs hosted on Vercel, Netlify, or any CDN
Multi-Domain Setup
Restrict form submissions to only your domains. Block unauthorized sites from spamming your endpoint.
Allow yoursite.com and app.yoursite.com, block everything else
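How an allow-list like the Allowed Origins setting can map to the response headers listed above, as an added example that is not Flowqen's own code. The function names, the https default for bare hosts, the exact-match rule and the `Vary: Origin` header are assumptions; the header names and the empty-means-all rule come from this page.

```javascript
// Added example: models an "Allowed Origins" setting. Not Flowqen's code.

// Parse the comma-separated setting into a set of normalized origins.
// A malformed entry throws, so a typo cannot silently empty the list
// and fall back to "allow all".
function parseAllowedOrigins(setting) {
  const origins = new Set();
  for (const raw of (setting || "").split(",")) {
    const entry = raw.trim();
    if (!entry) continue;
    // Assumption: a bare host such as "yoursite.com" means https.
    const url = new URL(entry.includes("://") ? entry : `https://${entry}`);
    origins.add(url.origin); // scheme + lowercased host + non-default port
  }
  return origins;
}

// Build the CORS response headers for one request.
// Returns null when no CORS headers should be sent.
function corsHeaders(setting, requestOrigin) {
  const base = {
    "Access-Control-Allow-Methods": "POST, OPTIONS",
    "Access-Control-Allow-Headers": "Content-Type",
  };
  const allowed = parseAllowedOrigins(setting);
  if (allowed.size === 0) {
    // Empty setting: allow all origins, as the page describes.
    return { "Access-Control-Allow-Origin": "*", ...base };
  }
  let origin;
  try {
    origin = new URL(requestOrigin).origin;
  } catch {
    return null; // missing or malformed Origin header
  }
  // Exact comparison only: substring or suffix checks would also accept
  // look-alike hosts that merely contain an allowed name.
  if (!allowed.has(origin)) return null;
  // Vary tells caches that the response depends on the Origin header.
  return { "Access-Control-Allow-Origin": origin, Vary: "Origin", ...base };
}

// Constructed sample setting, taken from the multi-domain use case above.
const SAMPLE_SETTING = "yoursite.com, app.yoursite.com";
```

These headers are enforced by the browser; the page does not say whether submissions from other origins are also rejected server-side, and this sketch models only the headers.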