JS Fetch access to API fails because of CORS

Hi everyone! :wave:

I am facing very annoying and unfortunate CORS errors while trying to access the SeaTable API from a web app I built. I already tried loads of different approaches and scraped the whole forum, but either the issues were slightly different or the topic has been closed with any real resolution.

The following works as expected, when run in the terminal.

-H "Authorization: Token <TOKEN>"
-H "Content-type: application/json"
-d '{"sql": "<QUERY>","convert_keys": true}'

But using the following options in a JS fetch unfortunately always resorts in a cors error:

  let headers = new Headers();
  headers.append("Authorization", `Token ${base.token}`);
  headers.append("Content-Type", "application/json; ");

  const options = {
    method: "POST",
    redirect: "follow",
    headers: headers,
    body: JSON.stringify({
      sql: query,
      convert_keys: true,

fetch("https://cloud.seatable.io/dtable-db/api/v1/query/<BASE_ID>/", options)

From the official documentation, I understand that using the Authorization and Content-Type Headers, will trigger a preflight request (OPTIONS method) which is already getting rejected by the API. Disabling cors with mode: "no-cors" also will not work because of the mentioned headers.

Does anyone know how to resolve this without setting up a CORS Proxy? Or is there something on the roadmap on SeaTable side?

We really like SeaTable und would love to use it in production - unfortunately this would be an absolute deal-breaker :frowning:

Good luck:

There are no plans to make this possible. I would propose that you write a small PHP, python or whatever script to receive the data and then use the API to write the data to your base.

Otherwise, feel free to install SeaTable Developer Edition by yourself and change the headers.

How do you prevent the users from coping your token and use “delete * from table” SQL to delete all your data?

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.