Vapi is the Voice AI platform for developers.

Vapi AI

Hi there. I am trying to use VAPI page to test custom tools and it seems that the CORS policy on https://dashboard.vapi.ai/tools/ does not allow any custom tool to be called. When I call a tool hosted on my web server, the HTTP request is denied due to CORS policy:

Is it possible to do anything about it?
https://cdn.discordapp.com/attachments/1365421947869073438/1365421948565323806/image.png?ex=680d3fc8&is=680bee48&hm=8e426e761b07bb40d0ce99709af3b049a38e7124ce04e37eac1fe55cab84bdf5&

To fix the CORS issue, you need to add the `Access-Control-Allow-Origin` header to your server's response. Add this to your server code:

```javascript
// Add this to your server's response headers
res.setHeader('Access-Control-Allow-Origin', 'https://dashboard.vapi.ai');
res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
res.setHeader('Access-Control-Allow-Headers', 'Content-Type');
```

This tells your server to accept requests from the Vapi dashboard origin.

Sources:
- [Discord discussion about CORS issues](https://discord.com/channels/1211482211119796234/1341350119957594163)
- [Discord discussion about whitelisting domains](https://discord.com/channels/1211482211119796234/1333797946440941639)

Message marked as helpful by <@489293348637507585>! 🎉