Is CORS issue unique to AngularJS applications?

Question

I'm building a client side application with AngularJS that makes requests to a RESTful Web API built with ASP.NET. I have had the "No Access-Control-Allow-Origin Header is Present" error and I understandt that in order to fix it you need to allow CORS in your web API which I have done.

What I do not understand, however, is why I have this issue only with AngularJS applications. I have built many client side applications in ASP.NET MVC that consume services from an ASP.NET web API and I have never ran into this issue. Can someone shed some lights on why this happens?

Answer 1

No. It is not unique to Angular.

You will run into CORS issues when your backend API and frontend SPA have a different one of the following:

• Host Name: api.example.com and www.example.com
• Port: example.com and example.com:8080
• Protocol: https://example.com and http://example.com

Answer 2

CORS is a browser based technology, and is not limited to Angular. Angular leverages XMLHttpRequest to make it's requests, which is using the Same-origin policy. The reason that your other client-side applications are working is because they are not browser based.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS

Answer 3

It is not unique for AngularJS. It's like this for all javascript calls going to a different domain than the one it's in.

The difference might be that you called the web service from the server of the MVC project.

Whilst, calling an API from the front end (Browser), the browser has built in security that doesn't allow you to do calls to a different domain. The server does not have the same built-in security as the browsers.