-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CORS raising error (correctly), but API POST succeeding #361
Comments
No, AFAIK not. As I understand CORS, it is a security rule enforced by the browser. |
I guess you simply have to add "Access-Control-Allow-Origin: *" to your http request headers. |
AFAIK this is a response header and not a request header. |
Thanks for your quick response. I did a little more research and confirmed what you say, that it's the browser that enforces cross-origin restrictions. So what I'm seeing is expected CORS behavior. And you indirectly answered my question: If the request origin is not in my |
Thank you very much for your thorough analysis. I added a quick fix.. can you confirm that this fixes the bug? |
Works for me, thanks! |
I must be missing a basic step. I'm using allow_origin to restrict requests to my API, e.g.:
'allow_origin'=>'https://x.com',
When I call the API (e.g., from https://example.com), I see an error in the developer console:
Failed to load https://.../api/testpost: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://example.com' is therefore not allowed access.
But the data is inserted into the database (this is a POST) and I get the new id back in the response.
Am I supposed to handle a CORS failure myself, and make sure to terminate the request?
The text was updated successfully, but these errors were encountered: