I've tried to understand HTTP base statements, because that is not working as I expected.
E.g. I've put Access-Control-Allow-Origin as http://www.example.com, and I tried to send POST requests from http://www.example2.com and it was with error like I expected.
It says ...request has been blocked by CORS policy. But I was wonder when looked that actually that request was done on http://www.example.com and POST action was called.
Question then, why do we need that protection?
Aucun commentaire:
Enregistrer un commentaire