

Access to fetch at ' from origin ' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

It states that there's a missing Access-Control-Allow-Origin header on the resource you requested. If you think about it, your client doesn't have anything to do with CORS. It's only something that your browser imposes, and it suggests that your requested resource should be configured differently. Therefore, it makes sense to configure the response from the server in such a way that the browser identifies this as a CORS request. Hence, logically, CORS should always be handled from the server side. Later we'll explore a way to work around this on the client side, but the most reliable solution is to always make the response from the server CORS-friendly.

Let's head back to our server's app.js file.

app.get('/cors', (req, res) => )

While the server-side fix to CORS is the most technically coherent solution to this problem, there's a small catch. It requires you to make modifications on the server side. In some cases, you might not have access to server-side code. For example, if you're using a third-party service for authentication, notification, sending emails, etc., you might run into this problem.
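One way to apply the server-side fix to the /cors route while sending Access-Control-Allow-Origin only to known origins, as an added example that is not code from the original page. The origins in ALLOWED_ORIGINS, the response body and the names corsHeadersFor, corsHandler, fakeResponse and demo are assumptions made for the illustration.

```javascript
// Added example: allowlist-based CORS for the /cors route.
// The origins below are constructed placeholders, not values from the page.
const ALLOWED_ORIGINS = new Set([
  'http://localhost:3000',
  'https://app.example.com',
]);

// Decide which CORS headers to send for the request's Origin header.
function corsHeadersFor(origin, allowed = ALLOWED_ORIGINS) {
  // Vary: Origin keeps shared caches from replaying one origin's response to another.
  const headers = { Vary: 'Origin' };
  // Exact match only: no substring or regex tests, no reflecting whatever
  // the client sent, and the literal origin "null" is never accepted.
  if (typeof origin === 'string' && origin !== 'null' && allowed.has(origin)) {
    headers['Access-Control-Allow-Origin'] = origin;
  }
  return headers;
}

// Uses only setHeader/end, so it can be mounted as app.get('/cors', corsHandler)
// in Express or called from a plain Node http server.
function corsHandler(req, res) {
  const headers = corsHeadersFor(req.headers.origin);
  for (const [name, value] of Object.entries(headers)) res.setHeader(name, value);
  res.setHeader('Content-Type', 'application/json');
  res.end(JSON.stringify({ msg: 'constructed sample body' }));
}

// Constructed stand-in for a response object so the example runs offline.
function fakeResponse() {
  const sent = { headers: {}, body: null };
  return {
    sent,
    setHeader(name, value) { sent.headers[name] = value; },
    end(body) { sent.body = body; },
  };
}

// Run the handler for one Origin value and return the headers it set.
function demo(origin) {
  const res = fakeResponse();
  corsHandler({ headers: origin === undefined ? {} : { origin } }, res);
  return res.sent.headers;
}

console.log(demo('http://localhost:3000'));   // allowlisted: header is set
console.log(demo('https://other.example'));   // not allowlisted: header is absent
```

When the header is absent, the browser blocks the cross-origin read with the same "No 'Access-Control-Allow-Origin' header is present" error quoted above, which is the intended result for origins outside the allowlist.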
