Change access-control-allow-origin


Im trying to load an iframe in my bubble app.

This tool im embedding uses some APIs for it to work correctly. So when this tool is loaded in an iframe, it does a POST to check some information.

But this post is being blocked as per the following console logging:

Im not sure, but looks like the problem is that Bubble response has the paramete “access-control-allow-origin” as “*” and for security reasons it cant be an asterisk, it should be another value. I was not able to find where i can change that, can someone help me?


1 Like

Answer from support:

At this time, we don’t have the ability to add custom headers to responses from your backend workflows. We have received feedback from a number of different users that this would be useful for situations like yours - so our product team is aware and this item is on our roadmap, although I don’t have an exact time frame.


I would need this. Is it still on the roadmap?


i need it as well