CORS allowed when no response header Access-Control-Allow-Origin









up vote
-1
down vote

favorite












I'm able to send post/put/delete to my localhost even though the response headers doesn't include "Access-Control-Allow-Origin" , I'm using chrome so my question:



1- will requests from different site allowed if no "Access-Control-Allow-Origin" returned ?



2- why the request worked on my local host , the browser sent the following headers in request :



Origin: http://localhost:8080



or the browsers ignore the response header "Access-Control-Allow-Origin" when it's the same origin ?






javascript google-chrome cors cross-domain







share|improve this question

























    up vote
    -1
    down vote

    favorite












    I'm able to send post/put/delete to my localhost even though the response headers doesn't include "Access-Control-Allow-Origin" , I'm using chrome so my question:



    1- will requests from different site allowed if no "Access-Control-Allow-Origin" returned ?



    2- why the request worked on my local host , the browser sent the following headers in request :



    Origin: http://localhost:8080



    or the browsers ignore the response header "Access-Control-Allow-Origin" when it's the same origin ?






    javascript google-chrome cors cross-domain







    share|improve this question























      up vote
      -1
      down vote

      favorite









      up vote
      -1
      down vote

      favorite











      I'm able to send post/put/delete to my localhost even though the response headers doesn't include "Access-Control-Allow-Origin" , I'm using chrome so my question:



      1- will requests from different site allowed if no "Access-Control-Allow-Origin" returned ?



      2- why the request worked on my local host , the browser sent the following headers in request :



      Origin: http://localhost:8080



      or the browsers ignore the response header "Access-Control-Allow-Origin" when it's the same origin ?






      javascript google-chrome cors cross-domain







      share|improve this question













      I'm able to send post/put/delete to my localhost even though the response headers doesn't include "Access-Control-Allow-Origin" , I'm using chrome so my question:



      1- will requests from different site allowed if no "Access-Control-Allow-Origin" returned ?



      2- why the request worked on my local host , the browser sent the following headers in request :



      Origin: http://localhost:8080



      or the browsers ignore the response header "Access-Control-Allow-Origin" when it's the same origin ?






      javascript google-chrome cors cross-domain




      javascript google-chrome cors cross-domain






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked yesterday









      Mohammad Karmi

      3071417




      3071417






















          1 Answer
          1






          active

          oldest

          votes

















          up vote
          1
          down vote



          accepted











          will requests from different site allowed if no "Access-Control-Allow-Origin" returned ?




          A POST request, all else being equal, will be allowed, but the Same Origin Policy will prevent JS from reading the response.



          PUT and DELETE requests require a Preflight request to receive permission from CORS first, so the requests will be blocked.




          why the request worked on my local host




          The Same Origin Policy doesn't block access when the request is from the same origin.






          share|improve this answer




















          • so the "Access-Control-Allow-Origin" is never needed on same origin even if Origin header is sent by the browser right ?
            – Mohammad Karmi
            yesterday











          Your Answer






          StackExchange.ifUsing("editor", function ()
          StackExchange.using("externalEditor", function ()
          StackExchange.using("snippets", function ()
          StackExchange.snippets.init();
          );
          );
          , "code-snippets");

          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "1"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader:
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          ,
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );













           

          draft saved


          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53224470%2fcors-allowed-when-no-response-header-access-control-allow-origin%23new-answer', 'question_page');

          );

          Post as a guest

















          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          up vote
          1
          down vote



          accepted











          will requests from different site allowed if no "Access-Control-Allow-Origin" returned ?




          A POST request, all else being equal, will be allowed, but the Same Origin Policy will prevent JS from reading the response.



          PUT and DELETE requests require a Preflight request to receive permission from CORS first, so the requests will be blocked.




          why the request worked on my local host




          The Same Origin Policy doesn't block access when the request is from the same origin.






          share|improve this answer




















          • so the "Access-Control-Allow-Origin" is never needed on same origin even if Origin header is sent by the browser right ?
            – Mohammad Karmi
            yesterday















          up vote
          1
          down vote



          accepted











          will requests from different site allowed if no "Access-Control-Allow-Origin" returned ?




          A POST request, all else being equal, will be allowed, but the Same Origin Policy will prevent JS from reading the response.



          PUT and DELETE requests require a Preflight request to receive permission from CORS first, so the requests will be blocked.




          why the request worked on my local host




          The Same Origin Policy doesn't block access when the request is from the same origin.






          share|improve this answer




















          • so the "Access-Control-Allow-Origin" is never needed on same origin even if Origin header is sent by the browser right ?
            – Mohammad Karmi
            yesterday













          up vote
          1
          down vote



          accepted







          up vote
          1
          down vote



          accepted







          will requests from different site allowed if no "Access-Control-Allow-Origin" returned ?




          A POST request, all else being equal, will be allowed, but the Same Origin Policy will prevent JS from reading the response.



          PUT and DELETE requests require a Preflight request to receive permission from CORS first, so the requests will be blocked.




          why the request worked on my local host




          The Same Origin Policy doesn't block access when the request is from the same origin.






          share|improve this answer













          will requests from different site allowed if no "Access-Control-Allow-Origin" returned ?




          A POST request, all else being equal, will be allowed, but the Same Origin Policy will prevent JS from reading the response.



          PUT and DELETE requests require a Preflight request to receive permission from CORS first, so the requests will be blocked.




          why the request worked on my local host




          The Same Origin Policy doesn't block access when the request is from the same origin.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered yesterday









          Quentin

          630k718491018




          630k718491018











          • so the "Access-Control-Allow-Origin" is never needed on same origin even if Origin header is sent by the browser right ?
            – Mohammad Karmi
            yesterday

















          • so the "Access-Control-Allow-Origin" is never needed on same origin even if Origin header is sent by the browser right ?
            – Mohammad Karmi
            yesterday
















          so the "Access-Control-Allow-Origin" is never needed on same origin even if Origin header is sent by the browser right ?
          – Mohammad Karmi
          yesterday





          so the "Access-Control-Allow-Origin" is never needed on same origin even if Origin header is sent by the browser right ?
          – Mohammad Karmi
          yesterday


















           

          draft saved


          draft discarded















































           


          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53224470%2fcors-allowed-when-no-response-header-access-control-allow-origin%23new-answer', 'question_page');

          );

          Post as a guest

































































          -

          Popular posts from this blog

          How to how show current date and time by default on contact form 7 in WordPress without taking input from user in datetimepicker

          Image
          0 I have a "Ask for demo" form which has two options, 1. Contact me now and 2. Schedule a demo. If user selects option 1 then current date and time should by displayed on form and if he selects option 2 then A calendar is shown for taking user input. My problem is getting current date and time by default on form. Please help. TIA contact-form-7 share | improve this question asked Nov 12 '18 at 9:01 abhi25 abhi25 14 5 add a comment  |  0 I have a "Ask for demo" form which has two options, 1. Contact me now and 2. Schedule a demo. If user selects option 1 then current date and time should by displayed on form and if he selects option 2 then A calendar is shown for taking user input. My problem is getting current date and time by default on form. Please help. TIA contact-form-7 share | improve this question asked Nov 12 '18 at 9:01 abhi25 abhi25 14 5 add a commen
          Read more

          Syphilis

          Image
          Klassifikation nach ICD-10 A50 Syphilis connata A51 Frühsyphilis A52 Spätsyphilis A53 Sonstige und nicht näher bezeichnete Syphilis ICD-10 online (WHO-Version 2019) Syphilis , [1] auch Lues (venerea) , harter Schanker oder Franzosenkrankheit (maladie française) genannt, ist eine chronische Infektionskrankheit, die zur Gruppe der sexuell übertragbaren Erkrankungen gehört. Der Erreger der Syphilis ist das Bakterium Treponema pallidum ssp. pallidum . Die Syphilis wird hauptsächlich bei sexuellen Handlungen durch Schleimhautkontakt und ausschließlich von Mensch zu Mensch übertragen. Während der Schwangerschaft und bei der Geburt kann eine erkrankte Mutter ihr Kind infizieren ( Syphilis connata ). Das Erscheinungsbild der Krankheit ist vielfältig. Typisch ist ein Beginn mit schmerzlosen Schleimhautgeschwüren und Lymphknotenschwellungen. Bei einem Teil der Infizierten kommt es zu einem chronischen Verlauf, der durch vielfältigen Haut- und Organbefall gekennzeichnet ist. Im Endstadium kom
          Read more

          Darth Vader #20

          Image
          Wiki Characters Creators Teams Volumes Issues Publishers Locations Concepts Things Story Arcs Movies Series Episodes New Comics Forums Gen. Discussion Bug Reporting Delete/Combine Pages Artist Show-Off Off-Topic Contests Battles Fan-Fic RPG Comic Book Preview API Developers Editing & Tools Podcast Quests Community Top Users Activity Feed User Lists Community Promos Archives News Reviews Videos Podcasts Previews Login / Sign Up All Wiki     Arcs     Characters     Companies     Concepts     Issues     Locations     Movies     People     Teams     Things     Volumes     Series     Episodes Editorial     Videos     Articles     Reviews     Features Community     Users Wiki Characters Creators Teams Volumes Issues Publishers Locations Concepts Things Story Arcs Movies Series Episodes New Comics Forums Gen. Discussion Bug Reporting Delete/Combine Pages Artist Show-Off Off-Topic Contests Battles Fan-Fic RPG Comic Book Preview API Developers Editing & Tools Podcast Quests Com
          Read more