CORS allowed when no response header Access-Control-Allow-Origin
Question
I'm able to send post/put/delete to my localhost even though the response headers doesn't include "Access-Control-Allow-Origin" , I'm using chrome so my question:
1- will requests from different site allowed if no "Access-Control-Allow-Origin" returned ?
2- why the request worked on my local host , the browser sent the following headers in request :
Origin: http://localhost:8080
or the browsers ignore the response header "Access-Control-Allow-Origin" when it's the same origin ?
1 answers
solution1
1 ACCPTED 2018-11-09 11:07:49
will requests from different site allowed if no "Access-Control-Allow-Origin" returned ?
A POST request, all else being equal, will be allowed, but the Same Origin Policy will prevent JS from reading the response.
PUT and DELETE requests require a Preflight request to receive permission from CORS first, so the requests will be blocked.
why the request worked on my local host
The Same Origin Policy doesn't block access when the request is from the same origin.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.