i-am-bee · PetrBulanek · Feb 20, 2026 · Feb 13, 2026 · Feb 13, 2026
diff --git a/docs/development/custom-ui/a2a-client.mdx b/docs/development/custom-ui/a2a-client.mdx
@@ -11,6 +11,7 @@ If you only need the fast path, start with **[Getting Started](./getting-started
 
 - **Packages installed**: `agentstack-sdk` and `@a2a-js/sdk`
 - **Platform base URL** and **provider ID**
+- **CORS enabled on the server** for your frontend origin when running in a browser (or use a same-origin proxy). See **[Cross-Origin Resource Sharing Configuration](../deploy-agent-stack/deployment-guide#cross-origin-resource-sharing-configuration)**.
 - **User access token** (for platform API calls)
 - **Context token** (for A2A requests)
 
@@ -264,4 +265,4 @@ For more about error handling, see **[Error Handling](./error-handling)**.
 - **Missing metadata merge**: merge agent card fulfillments with user metadata when you send responses.
 - **Streaming text handling**: status updates can include partial text; append incrementally.
 - **Ignoring status updates**: streamed agent output typically arrives via `status-update` events (in `event.status.message`), not `message`.
-- **Node fetch missing**: Node < 18 requires a `fetch` polyfill or custom `fetch` passed to the API client.
+- **Node fetch missing**: Node < 18 requires a `fetch` polyfill or custom `fetch` passed to the API client.
diff --git a/docs/development/custom-ui/getting-started.mdx b/docs/development/custom-ui/getting-started.mdx
@@ -36,6 +36,13 @@ const api = buildApiClient({
 `buildApiClient` exposes the platform API with typed responses and runtime validation.
 Use the user access token from your identity provider (OIDC/OAuth) for UI side API calls.
 
+<Note>
+  **Browser clients require CORS**
+
+  If your custom UI runs on a different origin than your Agent Stack server, enable CORS on the server for your frontend origin. See **[Cross-Origin Resource Sharing Configuration](../deploy-agent-stack/deployment-guide#cross-origin-resource-sharing-configuration)**.
+  If allowing origins directly is not possible, route calls through a same-origin frontend proxy.
+</Note>
+
 ### 3. Create context and context token
 
 ```typescript

diff --git a/docs/development/custom-ui/platform-api-client.mdx b/docs/development/custom-ui/platform-api-client.mdx
@@ -25,6 +25,13 @@ const api = buildApiClient({
 - `baseUrl` (required): The base URL of your AgentStack server instance.
 - `fetch` (optional): Custom fetch implementation. Required in Node.js < 18 or environments without global fetch support. Useful for adding authentication headers or custom request handling.
 
+<Note>
+  **Browser clients require CORS**
+
+  If you call the Agent Stack API from a browser app running on a different origin, enable server-side CORS for your frontend origin. See **[Cross-Origin Resource Sharing Configuration](../deploy-agent-stack/deployment-guide#cross-origin-resource-sharing-configuration)**.
+  If allowing origins directly is not possible, route calls through a same-origin frontend proxy.
+</Note>
+
 ### Example: Authenticated Client
 
 In many applications, you will want to add authentication headers to requests: