Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
groot5256yBasically you need to enable OPTIONS request at the server end for the same url as js would first hit that and continue and server end should have that... Also as a hack but unsafe practice as this is such a shit at the server end have Access-Control-Allow-Origin set to * so that all clients origin are allowed 😉
-
@groot I would try `Access-Control-Allow-Origin *` but I dunno how to do that on a lighttpd server ;(
As of now, I'm working with local servers and websites so security isn't nearly as important ;) -
balte23206yI often disable them for local development buuut they're a security feature and disabling them is technically a bug, not a fix. (so if your framework has a CORS fix module that really ticks me off, not speaking to anyone in particular)
-
devTea240886yCould someone enlighten me? I have been trying ibm text translator api and have been getting a cors error on my ajax request
-
devTea240886y@dUcKtYpEd it’s allowed on any other web api services except ibm one, is this ibm server problem?
-
devTea240886y@dUcKtYpEd, content cache is just one of the header I accidentally used. Now what I need to send is the authorization, but it throws the same error except with "authorization is not allowed" if I remove the content cache
-
devTea240886y@dUcKtYpEd I erased the token, sorry for not mentioning it. The backend are using net core it that matters
-
devTea240886y@dUcKtYpEd yes, I transfered from normal asp and I liked it already. Did you know any tutorial for net core connecting to sql without entity framework? Every site I found are using it and I don’t feel like learning it now yet
-
devTea240886y@dUcKtYpEd haha okay, I guess I’ll try it on my next free time. Got any tutorials that doesn’t skip the basic I could use?
-
devTea240886y@dUcKtYpEd also it worked if I created a web api with net core and requested it with ajax. So I should seperate my web services which is how I usually do it anyway
-
phil998715yCORS suck.
Best workaround so far: start chrome with the following options: --disable-web-security --disable-gpu
This way it will ignore CORS and everything works. -
Argos1743yWhat is this shit supposed to protect, if header can be set manually to 'Access-Control-Allow-Origin': '*'.
Looks like they have created this crap just to make development harder, because otherwise I dont see how it can do anything useful.
Can anyone tell any example on when CORS can really help, because so far I haven't read any reasonable explanation.
Related Rants
-
darkm0de16Dear CORS, Fuck you. Sincerely, localhost:8080 connecting to localhost:8000
-
devios15I fucking hate CORS. I mean yeah I get that it's for security and all but fucking COCKSUCKER is it ever fuckin...
-
hack11*Creates a rest api that runs on localhost:8080* *Creates React front end that runs on localhost:3000* *Sends ...
I hate CORS
rant
cors