Getting StartedIntegration GuideAuto-Reply EmailsEmail TemplatesNotificationsRules EngineSpam ProtectionPrivacy FeaturesCustom RedirectsFile UploadsWebhooksMailchimpSlackWidgetReact PackageCORS & AJAXAnalyticsAI Form GeneratorForm Templates

CORS & AJAX

Cross-origin requests work out of the box. No configuration needed.

What does this mean?

Your website and Rowen are on different domains. Browsers normally block this. Rowen sends special headers so browsers allow it — this is called CORS.

yoursite.com
rowen.in
Allowed!

Response headers Rowen sends

Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Allow-Headers: Content-Type

Restrict to specific domains

Want only your website to submit to your form? Add allowed origins in Settings.

Allowed Origins
https://yoursite.com, https://app.yoursite.com

Comma-separated. Leave empty to allow all origins.

Use cases

Single Page Apps

React, Vue, and Angular apps send forms via fetch(). CORS headers make this work seamlessly.

SPAs hosted on Vercel, Netlify, or any CDN

Multi-Domain Setup

Restrict form submissions to only your domains. Block unauthorized sites from spamming your endpoint.

Allow yoursite.com and app.yoursite.com, block everything else