|
|
|
|
|
|
by kenny_r
489 days ago
|
|
|
CORS is enforced by the client, the web browser. +----------------------+ +-----------------------+
| User Browser | | WordPress Site |
| (viewing from | CORS Error | (blog.com) |
| example.com) | Browser enforces CORS | |
| +------------+ | Direct request | +------------+ |
| | Frontend |<-----------------------------------X | xmlrpc.php | |
| | App | | example.com → blog.com | | | |
| +------------+ | | +------------+ |
+----------------------+ +-----------------------+
Browser security blocks cross-origin
requests (CORS is browser-only!)
The bottle app presumably uses some python library like Requests. It wouldn't care about CORS. +----------------------+ +------------------------+ +-----------------------+
| User Browser | | App Server | | WordPress Site |
| (viewing from | | (example.com) | | (blog.com) |
| example.com) | | | | |
| +------------+ | | +------------+ | | +------------+ |
| | Frontend |<-------->| | Backend |<---------->| | xmlrpc.php | |
| | App | | | | (Bottle) | | | | | |
| +------------+ | | +------------+ | | +------------+ |
+----------------------+ +------------------------+ +-----------------------+
Same origin Uses requests library Different origin
Browser allows this No CORS checks here! (Server doesn't care
(Not a browser!) about origin)
|
|
|