My working web app just started breaking about 14 hours ago with CORS errors on the responses API. It is a local-first app served from the file:// domain but I also tested it from a real domain and it breaks there too. It is meant for individual developers who supply their own API keys, so in this situation I do not think it is a problem that a web app is making authenticated requests from the browser.
8 Likes
On closer inspection the OPTIONS preflight is receiving a 400 from openai.com, so no CORS headers are set and this breaks the main call.
1 Like
I can answer immediately about another endpoint by browser:
(Content policy canât do much about the limited headers web scripting can get..)
HTTP 200 (69931 ms)
content-type: application/json
x-request-id: req_
I have no BYOK browser Responses API code with history, but could whip something up.
Facing the same issue. Running an app from localhost
Confirmed.
The same application ported over to Responses fails:
00:19:18.057 Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://api.openai.com/v1/responses. (Reason: CORS header âAccess-Control-Allow-Originâ missing). Status code: 400.
00:19:18.060 Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://api.openai.com/v1/responses. (Reason: CORS request did not succeed). Status code: (null).
Quite simply, Chat Completions has access-control-allow-origin: null in the OPTIONS response header, Responses does not.
Repro
https://hotnova.com/playground/responses.html
(try again in a few minutes if 502)
Use your API key, stored obfuscated in browser local storage until âClear ALL local dataâ button kills the domainâs store. Pick parameters compatible with AI model.
Switch URL between Chat Completions (success) and Responses (fail).
Facing the same issue on my BYOK app. Responses API stopped sending Access-Control-Allow-Origin header.
Thanks for raising this issue!
Thanks to @_j for providing the easy to repro link!
Escalated!
3 Likes
My team is facing the same issue using the Responses API. All OpenAI requests that were previously succeeding began failing overnight due to CORS errors.
Same here, Responses stopped working from browser because of CORS. @OpenAI_Support is it on purpose or it is a glitch? Is it a new policy?
Same issue, it was still working yesterday. Two days ago i just updated my app to support Response API instead of chat completion API! Old version with completion API is workingâŚ
1 Like
Oh, it is a pity when you just release an app, and it stops workingâŚ.
BTW: Gemini allows calls from a browser.
Just adding that also /v1/images/edits is affected by this problem
1 Like
We have identified the issue and the fix has rolled out.
5 Likes
Thanks for the quick fix ! Indeed it works again.
2 Likes
Thanks (and "no thanks, to the one who messes with APIs)!
Reward: preset share with a Chat Completions JSON schema auto-converted to Responses text.format for transmission when picking that endpoint, with reasoning.effort, text.verbosity etc (success, first go).
1 Like
I almost had a stroke, but now it is working good, thanks for the fix!
1 Like
This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.