S
S
Senbonzakuraa2022-04-20 17:34:00
Node.js
Senbonzakuraa, 2022-04-20 17:34:00

How does CORS work and client requests in general?

Let's say there are 3 domains:

myserver.com- My server with API is located here.

myclient.com- This is where my client is located that is allowed to access my API.

anyclient.com- Here is a foreign client that throws requests to my server.

Next myclient.comcomes the request to myserver.com:

get('https://myserver.com/api/getUsers');
Question - will my server understand that the request was sent from the domain myclient.com? or will it consider that the request comes with myserver.com?

I want requests to my server to go only from the domain myclient.comand exclude the possibility of requests from the domain anyclient.com. Is it possible to use CORSfor this?

Answer the question

In order to leave comments, you need to log in

1 answer(s)
I
InfernoElegy, 2022-04-21
@Senbonzakuraa

Maybe. This is exactly what Cors was made for.
On your server side you should return
Access-Control-Allow-Origin headers: https://myclient.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, ...
Access-Control-Allow-Headers: Content- Type, ...
Now the anyclient.com browser will block the request when it sees that the server has not granted permission to the request from the current domain

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question