Question about browser-side requests on fresh projects

[tornidomaroc-web]

Hi,

I was exploring the flow for a fresh project and noticed something interesting around browser-based requests.

From what I can see, when starting with a new project (no platforms configured yet), requests coming from a browser environment seem to be rejected until a platform/hostname is explicitly added.

This made me wonder about the initial developer experience — especially for users trying to validate their first request quickly from a local or frontend setup.

In similar tools, even a small delay before that first successful request can sometimes affect how quickly users “get it”.

Curious if this is an intentional design decision, or something you've observed in onboarding / activation behavior?

[harshx028]

Your Observation is great but this pattern is chosen mainly CORS and other security practices to protect the public endpoints from misuse

Some of the tools try to solve this by adding the localhost by default configure the setup already such as prisma setup the everything we need to replace db url only , there are some frameworks set the localhost by default there are many tools that try to decrease their setup and improve the experience of developers

[vidyasingh08]

Yes, that’s intentional: browser requests are blocked until you add a platform/hostname to avoid accidental public access. That protects projects but can slow the first “aha” for devs testing locally.

Quick fixes to improve onboarding:

Allow localhost by default for first-run testing.
Return a clear error with a one-click “Add origin” action.
Offer a dashboard prompt to auto-add the requesting origin.
Issue a short-lived local token for the initial session.