CodeNewbie Community 🌱

Discussion on: No Access-Control-Allow-Origin' header..

Collapse
 
rohit1101 profile image
rohit1101

@bredmond1019 The reason why you get a response from postman but not in the browser is because CORS is a browser implementation(feature) to prevent cross site access.

The browser checkers for the header
Access-control-allow-origin from the api response if the header is not present in the response header browser throws an CORS error.

Hence we have to the header for the required cross-site

Here for example:

Access-control-allow-origin: localhost/5000

Please read this: developer.mozilla.org/en-US/docs/W... how many ever times you want it’s gold.

Collapse
 
rushvulture profile image
rushvulture

Chrome is sending an HTTP OPTIONS request, rather than a GET to your route, and it's checking the headers there. This is a complication, and it's a reason that adding the header to the response might not have worked correctly the first time doing the obvious thing. Adding the header to the response is the obvious thing to do.
More information developer.mozilla.org/en-US/docs/W... penalty kick online API response includes access-control-allow-origin header information In the event that the header is missing from the response header, the browser will generate a CORS error.