Unable to call Edge Function

Last edited: 2/16/2026

If you're having trouble invoking an Edge Function or experiencing CORS issues, follow these steps to diagnose and resolve the problem.

Diagnose the issue

  1. Review CORS configuration: Check out the CORS guide and ensure you've properly configured CORS headers
  2. Check function logs: Look for errors in Functions > Logs in the dashboard
  3. Verify authentication: Confirm JWT tokens and permissions are correct

Proper CORS handling

Make sure your function handles OPTIONS preflight requests.

1
// Recommended approach
2
import { corsHeaders } from '@supabase/supabase-js/cors' // v2.95.0+
3
4
Deno.serve(async (req) => {
5
  if (req.method === 'OPTIONS') {
6
    return new Response('ok', { headers: corsHeaders })
7
  }
8
9
  // Your function logic here
10
  return new Response(JSON.stringify({ status: 'Success' }), {
11
    headers: { ...corsHeaders, 'Content-Type': 'application/json' },
12
  })
13
})

For versions before 2.95.0

If you're using @supabase/supabase-js before v2.95.0, you'll need to hardcode the CORS headers. Add a cors.ts file within a _shared folder:

1
// _shared/cors.ts
2
export const  = {
3
  'Access-Control-Allow-Origin': '*',
4
  'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type',
5
}

Then import it in your function:

1
import { corsHeaders } from '../_shared/cors.ts'
2
3
Deno.serve(async (req) => {
4
  // Handle CORS preflight requests
5
  if (req.method === 'OPTIONS') {
6
    return new Response('ok', { headers: corsHeaders })
7
  }
8
9
  // Your function logic here
10
  return new Response(JSON.stringify({ status: 'Success' }), {
11
    headers: { ...corsHeaders, 'Content-Type': 'application/json' },
12
  })
13
})

Debugging tools

Supabase provides two debugging tools for Edge Functions:

  • Invocations: Shows the Request and Response for each execution
  • Logs: Shows platform events, including deployments and errors

Access these tools by navigating to Functions > [Your Function] in the dashboard.

Common issues

CORS errors

  • Missing Access-Control-Allow-Origin header in response
  • Not handling OPTIONS preflight requests
  • Mismatched allowed methods or headers

Authentication errors

  • Invalid or expired JWT token
  • Missing Authorization header
  • Incorrect permissions for the authenticated user

Network errors

  • Function not deployed
  • Incorrect function URL
  • Network connectivity issues

Additional resources