Answer the question
In order to leave comments, you need to log in
S
S
Senbonzakuraa2022-04-20 17:34:00
Senbonzakuraa, 2022-04-20 17:34:00
How does CORS work and client requests in general?
Let's say there are 3 domains:
myserver.com- My server with API is located here.
myclient.com- This is where my client is located that is allowed to access my API.
anyclient.com- Here is a foreign client that throws requests to my server.
Next myclient.comcomes the request to myserver.com:
get('https://myserver.com/api/getUsers');
Question - will my server understand that the request was sent from the domain myclient.com? or will it consider that the request comes with myserver.com?
I want requests to my server to go only from the domain myclient.comand exclude the possibility of requests from the domain anyclient.com. Is it possible to use CORSfor this?
1 answer(s)
@Senbonzakuraa
I
InfernoElegy, 2022-04-21 @Senbonzakuraa
Maybe. This is exactly what Cors was made for.
On your server side you should return
Access-Control-Allow-Origin headers: https://myclient.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, ...
Access-Control-Allow-Headers: Content- Type, ...
Now the anyclient.com browser will block the request when it sees that the server has not granted permission to the request from the current domain
Similar questions
N
S
N
I
V
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question