lebronjamesuit
commented
1 year ago Cross-Origin Requests Cross-origin requests, in short, are HTTP requests where the origin and the target of the request are different. This is the case, for instance, when a web application is served from one domain and the browser sends an AJAX request to a server in another domain.
To manage cross-origin requests, the server needs to enable a particular mechanism known as CORS, or Cross-Origin Resource Sharing.
The first step in CORS is an OPTIONS request to determine whether the target of the request supports it. This is called a pre-flight request.
The server can then respond to the pre-flight request with a collection of headers:
Access-Control-Allow-Origin: Defines which origins may have access to the resource. A ‘*' represents any origin Access-Control-Allow-Methods: Indicates the allowed HTTP methods for cross-origin requests Access-Control-Allow-Headers: Indicates the allowed request headers for cross-origin requests Access-Control-Max-Age: Defines the expiration time of the result of the cached preflight request So, if the pre-flight request doesn't meet the conditions determined from these response headers, the actual follow-up request will throw errors related to the cross-origin request.
Access to XMLHttpRequest at 'http://localhost:8600/api/auth/signup' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'CORS policy' header is present on the requested resource
https://aws.amazon.com/en/what-is/cross-origin-resource-sharing/