why postman doesn't get cross-origin block error?
Question
I've an API for auth, that works well with postman and returns JSON result, but after using that with JavaScript and fetch or axios I've cross-origin block in my browser.
But my question is not about cross-origin, I'm confused about difference between postman requests and browser requests...
How does postman send request that doesn't receive access block errors? is there any difference for sending requests?
thanks
1 answers
solution1
0 2020-04-25 06:09:14
Because Postman is a development tool and doesn't care about Same-origin policy.
It is actually the same for CURL..
CORS and SOP are server-side configurations that clients decide to enforce or not... browser enforces it, postman not...
The server simply states the sites that are allowed cross origin access through the Access-Control-Allow-Origin header in all its responses. It is up to the browser to respect this policy.
Some applications like postman, curl do not respect this policy, because they are meant to be used as developer tools, and as such it is expected that the people using these tools know what they're doing.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.