loading...

Understanding Cross-Origin Resource Sharing (CORS)

Miguel Mota on September 20, 2019

Cross-Origin Resource Sharing (CORS) is a way of making HTTP requests from one place to another. Historically browsers have only allowed requests i... [Read Full]
markdown guide
 

Hi Miguel! thank you for nice post and detailed description!

Thanks to you I could understand the CORS concept and the process of the preflight

Then, May I translate from Korean? i guess many Korean developers was finding kinds of this post. but it's more better than that.

I'm okay if you mind! Just tell me your opinion!
Thanks Miguel!

 

Hi @joontaekim , yes you may translate the post to Korean! Thanks

 

"The Access-Control-Allow-Credentials header be present on both the preflight and actual request ..."

But according your code, 'Access-Control-Allow-Credentials' header Only be present on actual request, I am confusing.

 

I updated the sentence to be more clear. The Access-Control-Allow-Credentials header only needs to be present on the non-preflight response (the actual response). Cookies are only sent in the actual response. If the Access-Control-Allow-Credentials header is also present in the preflight response then cookies will still not be sent because it's the preflight response. Cookies are only sent in the non-preflight actual response.

 
code of conduct - report abuse