Hacker News
by joevandyk 2822 days ago
Server is supposed to check authentication/authorization through some method.

If HTTP, that’s done via setting some information in the request headers, be it a cookie, or basic auth, or token auth, or similar.

CORS is done by the browser - to not allow certain requests to be made (in case you are accidentally executing malicious JavaScript code). The server tells the browser via the CORS headers which requests are OK to make.
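
The split described in the comment above, as an added example that is not part of the original post: the server decides authentication from the request headers, and the CORS header only tells a browser whether page script may read the response. The origins, token, user name and function names are constructed for illustration, and the browser check is a simplified model that ignores preflight.

```javascript
// Constructed sample data (hypothetical origin, token and user).
const ALLOWED_ORIGINS = new Set(["https://app.example.com"]);
const SESSIONS = new Map([["token-abc123", "alice"]]);

// Server side: authentication is decided from the request headers alone.
// The Origin header is never treated as proof of identity.
function handleRequest(req) {
  const headers = {};
  const origin = req.headers["origin"];
  // CORS: tell the browser which origin may read this response.
  if (origin && ALLOWED_ORIGINS.has(origin)) {
    headers["access-control-allow-origin"] = origin;
    headers["vary"] = "Origin";
  }
  // Auth: bearer token check, independent of the CORS decision above.
  const auth = req.headers["authorization"] || "";
  const token = auth.startsWith("Bearer ") ? auth.slice(7) : "";
  const user = SESSIONS.get(token);
  if (!user) return { status: 401, headers, body: "unauthorized" };
  return { status: 200, headers, body: `hello ${user}` };
}

// Browser side (simplified model): page script may read a cross-origin
// response only if the server echoed the page's origin back.
function browserExposesResponse(pageOrigin, res) {
  return res.headers["access-control-allow-origin"] === pageOrigin;
}

// Four constructed requests showing that the two checks are independent.
function scenarios() {
  const good = "Bearer token-abc123";
  const app = "https://app.example.com";
  const other = "https://other.example";
  // 1. Non-browser client: no Origin, no token. CORS never applies; auth rejects.
  const noBrowser = handleRequest({ headers: {} });
  // 2. Allowed origin, no token: CORS passes, auth still rejects.
  const corsOnly = handleRequest({ headers: { origin: app } });
  // 3. Unlisted origin, valid token: server answers, browser withholds the body.
  const authOnly = handleRequest({ headers: { origin: other, authorization: good } });
  // 4. Allowed origin and valid token: both checks pass.
  const both = handleRequest({ headers: { origin: app, authorization: good } });
  return {
    noBrowserStatus: noBrowser.status,
    corsOnlyStatus: corsOnly.status,
    corsOnlyReadable: browserExposesResponse(app, corsOnly),
    authOnlyStatus: authOnly.status,
    authOnlyReadable: browserExposesResponse(other, authOnly),
    bothStatus: both.status,
    bothReadable: browserExposesResponse(app, both),
  };
}
```

Scenario 2 is the case to keep in mind when reviewing an API: an allow-listed origin still gets a 401, because a passing CORS check says nothing about who sent the request.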