CORS xano issues with the new weweb environment

nealzie · April 16, 2026, 11:33am

I got the email to update my whitelist domains, and to use a wildcard. However, Xano’s CORS management doesn’t support a * wildcard inside a domain.

I’ve tried several things - adding the full subdomain uuid from my editor address bar to the allow list, and adding things like editor-cdn.weweb.io to the list since that’s what the error says the request comes from, but nothing helps aside from turning CORS off all together which is not something I intend to do.

How has anyone else fixed this? I’ve already lost half a workday due to a stupid change and getting really frustrated with this.

Solved: removed the / at the end of the domain

Batik_Okazov · April 16, 2026, 11:57am

hey Niels,

have you set headers?

nealzie · April 16, 2026, 12:18pm

Hi Batik,

Thanks for your reply!

Yes for certain API groups I use headers accessToken, Content-Type, Authorization, X-Requested-With, X-Data-Source, X-Branch

The thing is, it worked fine until weweb changed the editor url from editor.weweb.io/* to *-editor.weweb.io

Because the origins in xano don’t support the * wildcard. So editor.weweb.io/ would work and would allow anything after the / but the new subdomain structure isn’t supported by xano in that way, it seems

Batik_Okazov · April 16, 2026, 12:21pm

hmm, that sounds strange.

Xano team confirmed wildcard support:

nealzie · April 16, 2026, 12:24pm

It seems that in the reponses of that topic, the person also says it doesn’t work for him.

I’ve tried all of these variations but none work:

As soon as I allow everything though, I get the data into weweb:

Batik_Okazov · April 16, 2026, 12:30pm

hm, are you sure that headers may be set in one comma-separated line? Have you tried to set each header in the separate field?

I don’t use CORS in Xano, but I use it with S3 storage. And the following works for me:

nealzie · April 16, 2026, 12:37pm

Yes because those header settings work before the domain changed. In fact, it still works on the published site, which is why I was pretty sure the problem wasn’t in the headers.

I just discovered the problem is in having a / in the end of the url!

Thanks for thinking along with me!

Batik_Okazov · April 16, 2026, 1:41pm

I’m glad the case is solved

Joyce · April 16, 2026, 2:17pm

Oh wow, I wouldn’t have thought to check that!

Thanks for taking the time to share the solution on here, really appreciate it!

ericp · April 16, 2026, 7:12pm

Don’t know if it is specifically related to CORS, but the new update did make any Xano calls where I added custom header parameters (eg. source page name) stopped working. I had to remove these parameters for the calls to work again.

RandyG0322 · April 17, 2026, 1:15am

@nealzie - Check this out New version - Error on Xano plugin requests - #11 by RandyG0322 .

Update: disregard-- I see you figured it out.. That was my issue as well . Glad you got it figured out

Topic		Replies	Views
New version - Error on Xano plugin requests Ask us anything xano	14	117	April 16, 2026
Sending cookies from Weweb -> Xano Ask us anything xano	3	397	February 24, 2024
CORS Origin Whitelist How do I?	1	349	September 27, 2023
Is there any way to go around cors? Ask us anything	18	515	February 18, 2025
Having trouble connecting WeWeb to Xano Ask us anything xano , weweb , network-error	2	98	September 22, 2025

CORS xano issues with the new weweb environment

Related topics