Netlify sites rejecting fetch requests from StackBlitz

Support
1

I’ve been running a project that fetches data from various websites, including Netlify-hosted domains (*.netlify.app). While requests work fine on Replit, Deno Deploy, and locally with Node.js, every fetch request to a Netlify site fails when running on StackBlitz.

What I Tested

Successful fetch:

Failed fetch (only fails on StackBlitz, works everywhere else):

Error message from Stackblitz:

❌ Failed: https://netlify.com/ TypeError: fetch failed
    at _0x523d67 (https://gqairvpjmjgithub-3nrr.w-credentialless-staticblitz.com/blitz.5a421e5b.js:40:1460136)
    at _0x230e18._0x5ab7f7 (https://gqairvpjmjgithub-3nrr.w-credentialless-staticblitz.com/blitz.5a421e5b.js:40:1461756)
    at <anonymous> (node:internal/deps/undici/undici:93:355374)
    at <anonymous> (https://gqairvpjmjgithub-3nrr.w-credentialless-staticblitz.com/blitz.5a421e5b.js:40:26852) {
  cause: SocketError: other side closed
      at TLSSocket.onSocketEnd (node:internal/deps/undici/undici:93:299212)
      at TLSSocket.emit (node:events:30:11015)
      at endReadableNT (node:internal/streams/readable:225:8116)
      at processTicksAndRejections (node:internal/process/task_queues:192:1067)
      at <anonymous> (https://gqairvpjmjgithub-3nrr.w-credentialless-staticblitz.com/blitz.5a421e5b.js:40:204448)
      at _0x4c285b (https://gqairvpjmjgithub-3nrr.w-credentialless-staticblitz.com/blitz.5a421e5b.js:40:204529)
      at _0x5486f1 (https://gqairvpjmjgithub-3nrr.w-credentialless-staticblitz.com/blitz.5a421e5b.js:40:526972)
      at <anonymous> (https://gqairvpjmjgithub-3nrr.w-credentialless-staticblitz.com/blitz.5a421e5b.js:40:526724)
      at _0x5a93b7 (https://gqairvpjmjgithub-3nrr.w-credentialless-staticblitz.com/blitz.5a421e5b.js:40:526478) {
    code: 'UND_ERR_SOCKET',
    socket: {
      localAddress: '1.0.0.2',
      localPort: 443,
      remoteAddress: undefined,
      remotePort: undefined,
      remoteFamily: undefined,
      timeout: undefined,
      bytesWritten: undefined,
      bytesRead: undefined
    }
  }
}

StackBlitz sends the following headers, which might be triggering a block:

{
  "Accept": "*/*",
  "Accept-Encoding": "gzip, deflate, br, zstd",
  "Accept-Language": "*",
  "Origin": "https://github271zq4in-zgnm.w-credentialless-staticblitz.com",
  "Sec-Fetch-Dest": "empty",
  "Sec-Fetch-Mode": "cors",
  "Sec-Fetch-Site": "cross-site",
  "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36"
}

You can test this directly in my StackBlitz Project.
Run node index.js and Node will fetch from the different URLs.

Can someone from Netlify confirm whether StackBlitz is being intentionally blocked or rate-limited? If so, is there a workaround or setting we need to adjust?

2

Hi @prochaLu, thanks for writing in.

While requests work fine on Replit, Deno Deploy, and locally with Node.js, every fetch request to a Netlify site fails when running on StackBlitz.

Since you mentioned the request works on Replit, Deno Deploy, and locally, but only fails on StackBlitz, then the problem is on StackBlitz’s end.
Kindly reach out to StackBlitz’s support for help on the reason why requests fail.
Thanks.

3

Looking at Chrome DevTools Network panel for the demo, it appears it has to do with a CORS problem:

Screenshot 2025-03-18 at 20.16.54
Screenshot 2025-03-18 at 20.16.54778×140 17.5 KB

Cross-Origin Resource Sharing error: MissingAllowOriginHeader

Looking through other Netlify Support Forums posts, there is another post from Mar 2021 by @derek-zhou suggesting that static sites should be made more liberal with CORS, as other hosting platforms have done:

@clarnx would you have an update from Netlify’s teams on the Mar 2021 request?

4

Workaround

For now, we will work around the problem by setting CORS headers manually on the static site, as described by @hrishikesh here:

netlify.toml

[[headers]]
  for = "/*"
  [headers.values]
    Access-Control-Allow-Origin = "*"
1 Like