CORS allowed when no response header Access-Control-Allow-Origin
up vote
-1
down vote
favorite
I'm able to send post/put/delete to my localhost even though the response headers doesn't include "Access-Control-Allow-Origin" , I'm using chrome so my question:
1- will requests from different site allowed if no "Access-Control-Allow-Origin" returned ?
2- why the request worked on my local host , the browser sent the following headers in request :
Origin: http://localhost:8080
or the browsers ignore the response header "Access-Control-Allow-Origin" when it's the same origin ?
javascript google-chrome cors cross-domain
add a comment |
up vote
-1
down vote
favorite
I'm able to send post/put/delete to my localhost even though the response headers doesn't include "Access-Control-Allow-Origin" , I'm using chrome so my question:
1- will requests from different site allowed if no "Access-Control-Allow-Origin" returned ?
2- why the request worked on my local host , the browser sent the following headers in request :
Origin: http://localhost:8080
or the browsers ignore the response header "Access-Control-Allow-Origin" when it's the same origin ?
javascript google-chrome cors cross-domain
add a comment |
up vote
-1
down vote
favorite
up vote
-1
down vote
favorite
I'm able to send post/put/delete to my localhost even though the response headers doesn't include "Access-Control-Allow-Origin" , I'm using chrome so my question:
1- will requests from different site allowed if no "Access-Control-Allow-Origin" returned ?
2- why the request worked on my local host , the browser sent the following headers in request :
Origin: http://localhost:8080
or the browsers ignore the response header "Access-Control-Allow-Origin" when it's the same origin ?
javascript google-chrome cors cross-domain
I'm able to send post/put/delete to my localhost even though the response headers doesn't include "Access-Control-Allow-Origin" , I'm using chrome so my question:
1- will requests from different site allowed if no "Access-Control-Allow-Origin" returned ?
2- why the request worked on my local host , the browser sent the following headers in request :
Origin: http://localhost:8080
or the browsers ignore the response header "Access-Control-Allow-Origin" when it's the same origin ?
javascript google-chrome cors cross-domain
javascript google-chrome cors cross-domain
asked yesterday
Mohammad Karmi
3071417
3071417
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
up vote
1
down vote
accepted
will requests from different site allowed if no "Access-Control-Allow-Origin" returned ?
A POST request, all else being equal, will be allowed, but the Same Origin Policy will prevent JS from reading the response.
PUT and DELETE requests require a Preflight request to receive permission from CORS first, so the requests will be blocked.
why the request worked on my local host
The Same Origin Policy doesn't block access when the request is from the same origin.
so the "Access-Control-Allow-Origin" is never needed on same origin even if Origin header is sent by the browser right ?
– Mohammad Karmi
yesterday
add a comment |
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
1
down vote
accepted
will requests from different site allowed if no "Access-Control-Allow-Origin" returned ?
A POST request, all else being equal, will be allowed, but the Same Origin Policy will prevent JS from reading the response.
PUT and DELETE requests require a Preflight request to receive permission from CORS first, so the requests will be blocked.
why the request worked on my local host
The Same Origin Policy doesn't block access when the request is from the same origin.
so the "Access-Control-Allow-Origin" is never needed on same origin even if Origin header is sent by the browser right ?
– Mohammad Karmi
yesterday
add a comment |
up vote
1
down vote
accepted
will requests from different site allowed if no "Access-Control-Allow-Origin" returned ?
A POST request, all else being equal, will be allowed, but the Same Origin Policy will prevent JS from reading the response.
PUT and DELETE requests require a Preflight request to receive permission from CORS first, so the requests will be blocked.
why the request worked on my local host
The Same Origin Policy doesn't block access when the request is from the same origin.
so the "Access-Control-Allow-Origin" is never needed on same origin even if Origin header is sent by the browser right ?
– Mohammad Karmi
yesterday
add a comment |
up vote
1
down vote
accepted
up vote
1
down vote
accepted
will requests from different site allowed if no "Access-Control-Allow-Origin" returned ?
A POST request, all else being equal, will be allowed, but the Same Origin Policy will prevent JS from reading the response.
PUT and DELETE requests require a Preflight request to receive permission from CORS first, so the requests will be blocked.
why the request worked on my local host
The Same Origin Policy doesn't block access when the request is from the same origin.
will requests from different site allowed if no "Access-Control-Allow-Origin" returned ?
A POST request, all else being equal, will be allowed, but the Same Origin Policy will prevent JS from reading the response.
PUT and DELETE requests require a Preflight request to receive permission from CORS first, so the requests will be blocked.
why the request worked on my local host
The Same Origin Policy doesn't block access when the request is from the same origin.
answered yesterday
Quentin
630k718491018
630k718491018
so the "Access-Control-Allow-Origin" is never needed on same origin even if Origin header is sent by the browser right ?
– Mohammad Karmi
yesterday
add a comment |
so the "Access-Control-Allow-Origin" is never needed on same origin even if Origin header is sent by the browser right ?
– Mohammad Karmi
yesterday
so the "Access-Control-Allow-Origin" is never needed on same origin even if Origin header is sent by the browser right ?
– Mohammad Karmi
yesterday
so the "Access-Control-Allow-Origin" is never needed on same origin even if Origin header is sent by the browser right ?
– Mohammad Karmi
yesterday
add a comment |
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53224470%2fcors-allowed-when-no-response-header-access-control-allow-origin%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password