DEV Community

loading...

Discussion on: ✋🏼🔥 CS Visualized: CORS

Collapse
caioiglesias profile image
Caio Iglesias

You are correct. It's just an intro showing a request that works followed by one that fails. They seem similar, but are being affected by the same-origin policy.

api.website.com has to be returning Access-Control-Allow-Origin: https://www.mywebsite.com since the second example denies the request coming from anotherdomain.com.