On chat completions. (models/responses OK, Python RESTful/SDK OK)
My own serverless web page making API requests, the platform site Playground making API requests, multiple browsers, multiple PCs, multiple API keys including the platform site’s session key, all:
NetworkError when attempting to fetch resource. (Firefox)
API Error Error: Failed to fetch (Chrome)
The same browser window that’s been continuously open now fails.
Looks like something bad was committed to the API, such as not accepting browser patterns such as attempts at http/3 promotion. The request is getting through API key validation; that error of no auth you can see just typing the URL in a browser.
I have the same situation — this issue appeared this morning. May I ask if the official service has permanently restricted direct API access from browsers? I haven’t found any related update logs or documentation. Can anyone help clarify this?
“We’re not aware of any issues affecting our systems”
It seems that there is no automation nor human powering the status page, such as vector stores being down for days in the past (although this browser-only issue against a particular endpoint would be harder to anticipate a unit-test for).
Have the same issue: we process about 1.5 billion tokens a month through direct browser requests and everything just stopped. We’re working on moving everything to a proxy server, but we would have hoped to get at least 2 days' notice. Thank you @vb for looking into it and confirming it is a bug.
We are getting
Access to fetch at ‘https://api.openai.com/v1/chat/completions’ from origin ‘https://{ourwebsite}.com’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.
VM121:1 Refused to connect to 'https://api.openai.com/v1/chat/completions' because it violates the following Content Security Policy directive: "connect-src chrome://resources chrome://theme 'self'".
(anonymous) @ VM121:1
VM121:1 Fetch API cannot load https://api.openai.com/v1/chat/completions. Refused to connect because it violates the document's Content Security Policy.
(anonymous) @ VM121:1
Promise {<rejected>: TypeError: Failed to fetch
at <anonymous>:1:1}
VM121:1 Uncaught (in promise) TypeError: Failed to fetch. Refused to connect because it violates the document's Content Security Policy.
at <anonymous>:1:1
(anonymous) @ VM121:1
And similarly in the Firefox Console:
XHR OPTIONS
https://api.openai.com/v1/chat/completions
CORS Missing Allow Origin
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://api.openai.com/v1/chat/completions. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 404.
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://api.openai.com/v1/chat/completions. (Reason: CORS request did not succeed). Status code: (null).
Uncaught (in promise) TypeError: NetworkError when attempting to fetch resource.
It also fails with the same messages when the request is made from an HTML page hosted by GitHub Pages.
Same on our side: a CORS limitation has been added. Direct calls from the browser are now blocked, and there’s no particular workaround except using a tiny backend like a Cloudflare function or whatever.
Let’s hope it’s only a bug instead of a forced security improvement
My apps stopped working. I’m making calls directly from the browser. Can anyone tell me what to do? Are they fixing it, or should I give up? Does anyone use Claude? What do you think?
Same issue. Suddenly CORS blocking every call to the completions API. Embeddings API seemed to be working though strangely enough. Seems like it’s working for me now? Would love to see an error report on why this issue occurred.
It would be great to get a response from an OpenAI person on whether this CORS issue with the completions API is:
Considered a bug (or change) that will be fixed (or reverted back)
Or a new permanent change to prevent folks from connecting directly to the API from client-side JavaScript in a browser (including from pages hosted on a VPN)
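Added example, not part of any post in this thread and not OpenAI code: a simplified model of the preflight decision behind the console errors quoted above, useful for checking what an OPTIONS response must carry before a browser will send the real request. The function name `checkPreflight`, the origin `https://app.example` and all sample responses are constructed for illustration; credentialed mode is not modelled.

```javascript
// Simplified model of the browser's CORS preflight decision (credentials mode "include" not modelled).
const SAFELISTED_METHODS = new Set(["GET", "HEAD", "POST"]);

const splitList = (v) => (v || "").split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);

// request:  { origin, method, headers: [non-safelisted request header names] }
// response: { status, headers: { "lower-cased-name": "value" } }
function checkPreflight(request, response) {
  const allowOrigin = response.headers["access-control-allow-origin"];
  // The origin check comes first, which is why a 404 without the header
  // is reported as "CORS Missing Allow Origin" rather than as a 404.
  if (!allowOrigin) return { allowed: false, reason: "Access-Control-Allow-Origin missing" };
  if (allowOrigin !== "*" && allowOrigin !== request.origin)
    return { allowed: false, reason: "Access-Control-Allow-Origin does not match origin" };
  if (response.status < 200 || response.status > 299)
    return { allowed: false, reason: `preflight status ${response.status} is not 2xx` };

  const methods = splitList(response.headers["access-control-allow-methods"]);
  const method = request.method.toUpperCase();
  if (!SAFELISTED_METHODS.has(method) && !methods.includes("*") && !methods.includes(method.toLowerCase()))
    return { allowed: false, reason: `method ${method} not allowed` };

  const allowed = splitList(response.headers["access-control-allow-headers"]);
  for (const name of request.headers.map((h) => h.toLowerCase())) {
    // "*" never covers Authorization; it must be listed by name.
    const viaWildcard = allowed.includes("*") && name !== "authorization";
    if (!allowed.includes(name) && !viaWildcard)
      return { allowed: false, reason: `request header ${name} not allowed` };
  }
  return { allowed: true, reason: "preflight passes" };
}

// Constructed inputs (not captured traffic); the origin is a placeholder.
const request = { origin: "https://app.example", method: "POST", headers: ["Authorization", "Content-Type"] };
const failing = { status: 404, headers: {} };
const passing = { status: 200, headers: {
  "access-control-allow-origin": "*",
  "access-control-allow-methods": "POST",
  "access-control-allow-headers": "authorization, content-type" } };
const wildcardOnly = { status: 200, headers: {
  "access-control-allow-origin": "*", "access-control-allow-headers": "*" } };

console.log(checkPreflight(request, failing).reason);
console.log(checkPreflight(request, passing).reason);
console.log(checkPreflight(request, wildcardOnly).reason);
```

The same function can be pointed at headers copied from a real OPTIONS response in the browser's network panel to see which condition fails.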