|
|
|
|
|
|
by ergothus
2542 days ago
|
|
|
> By default, under the same origin policy, a browser won't allow requests cross origin. Save a rather short-but-impactful list of exceptions. > CORS is a mechanism to loosen security, not increase it. Would that everyone shared your understanding. Add in these two insights to those we are enlightening: * CORS is enforced by the browser, so no, your curl command working doesn't say your service is fine * That error message in the browser about 'no-cors'? It is 99% likely that no-cors is NOT what you want, so the error message is just misleading and unhelpful ...and you'll have covered my CORS wishlist :) |
|
|