loading...

re: ✋🏼🔥 CS Visualized: CORS VIEW POST

FULL DISCUSSION
 

Sorry if I'm missing something... But in your very first example:

Let’s say we’re trying to fetch some user information on our mywebsite.com website from a server that’s located at api.website.com

And it goes through fine... How come this is not a cross origin request? It's a different domain and subdomain isn't it?

 

You are correct. It's just an intro showing a request that works followed by one that fails. They seem similar, but are being affected by the same-origin policy.

api.website.com has to be returning Access-Control-Allow-Origin: https://www.mywebsite.com since the second example denies the request coming from anotherdomain.com.

 

I believe that's a typo. Should both be mywebsite.com, otherwise it's a cross-origin request

code of conduct - report abuse