Reputation: 7622
When do I need CORS?
I have a 3rd party applications that allows one to create add-ins. The add-ins are just html, js and css. Anyway this is loaded/rendered locally. I realized I can make AJAX request to different servers I control that do not have CORS configured and it works.
So when do I actually need CORS?
Upvotes: 0
Views: 1145
Answers (2)
Reputation: 239664
You need CORS when you're running in a browser or in another application that has adopted browser policies around sandboxing, same site, origins, etc.
If you're not running inside a browser sandbox, in all likelihood CORS will not have been implemented and you are free to make any requests you like. In such a situation you don't really have the browser concept of an origin, so there's no concept of a cross-origin request.
There also don't tend to be unrelated cookies for other origins lurking around in such processes, so the risks that CORS are designed to address do not arise.
Upvotes: 2
Reputation: 307
You need CORS if you want to filter which domain(s) and at what level (POST/GET/PATCH/PUT) can your server share resources (data usually via http) with.
If you don't have CORS configured, then by default your server shares it's data with all domains.
Upvotes: 0
Related Questions
- Does a RESTful API need CORS implementation anytime?
- same-origin policy and CORS - what's the point?
- CORS: what's the purpose of Simple Request?
- CORS who has to send what?
- Point of CORS HTTP Headers
- When is it safe to enable CORS?
- The concept of CORS and should I enforce an Origin header?
- Understanding CORS security: what's the use of server allowing browser cross-domain access?
- Why is CORS needed for localhost?
- CORS: Do I need it here?