Six HTTP headers that will help you handle CORS.
Thread 🧵
We are going to cover HTTP request headers first, and then we will jump onto HTTP response headers.
HTTP Request Headers
The client can send a few HTTP request headers with its API calls to make full use of Cross-Origin Resource Sharing (CORS).
1️⃣ Origin
The Origin header indicates the origin of the request. Browsers add the Origin request header to all cross-origin requests.
2️⃣ Access-Control-Request-Method
The Access-Control-Request-Method header is used in the preflight request to tell the server which method the main request will use.
For example,
Access-Control-Request-Method: POST
HTTP Response Headers
The server sends Access-Control-* HTTP headers for cross-origin requests.
1️⃣ Access-Control-Allow-Origin
Access-Control-Allow-Origin tells the browser which origin is allowed to access the resources.
For example,
Access-Control-Allow-Origin: <origin> | *
The wildcard (*) indicates that all origins can access the resources.
2️⃣ Access-Control-Max-Age
The Access-Control-Max-Age header indicates how long the result of the preflight request can be cached.
After the specified time, the browser needs to send a new preflight request.
3️⃣ Access-Control-Allow-Credentials
Access-Control-Allow-Credentials is sent in the response to a preflight request and indicates whether the actual request can be made using credentials.
4️⃣ Access-Control-Allow-Methods
The Access-Control-Allow-Methods header indicates which methods are allowed to access the cross-origin resource. It is sent in response to a preflight request.
For example,
Access-Control-Allow-Methods: POST
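Putting the six headers together: an added example (not from the original thread) of how a server could decide which Access-Control-* headers to send for a given request. The names corsHeaders, ALLOWED_ORIGINS and ALLOWED_METHODS and the origin values are hypothetical.

```javascript
// Added example: server-side CORS decision using the six headers in this thread.
// ALLOWED_ORIGINS, ALLOWED_METHODS and corsHeaders() are hypothetical names.
const ALLOWED_ORIGINS = new Set(["https://app.example.com"]); // constructed value
const ALLOWED_METHODS = ["GET", "POST"];
const MAX_AGE_SECONDS = 600;

// method: HTTP method of this request; reqHeaders: lower-cased request header map.
// Returns the CORS response headers to send, or {} when nothing should be granted.
function corsHeaders(method, reqHeaders) {
  const origin = reqHeaders["origin"];
  // No Origin header: not a cross-origin browser request, nothing to add.
  // Unknown origin: send no Access-Control-* headers, so the browser blocks the read.
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return {};

  const headers = {
    // Echo the exact allowlisted origin instead of "*": browsers reject
    // the wildcard when the request carries credentials.
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    // The response differs per Origin, so caches must key on it.
    "Vary": "Origin",
  };

  const requested = reqHeaders["access-control-request-method"];
  const isPreflight = method === "OPTIONS" && requested !== undefined;
  if (isPreflight) {
    if (!ALLOWED_METHODS.includes(requested)) return {}; // method not permitted
    headers["Access-Control-Allow-Methods"] = ALLOWED_METHODS.join(", ");
    headers["Access-Control-Max-Age"] = String(MAX_AGE_SECONDS);
  }
  return headers;
}

// Constructed sample requests: an allowed preflight and an untrusted origin.
const preflight = corsHeaders("OPTIONS", {
  origin: "https://app.example.com",
  "access-control-request-method": "POST",
});
const untrusted = corsHeaders("GET", { origin: "https://evil.example" });
console.log(preflight, untrusted);
```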
Developing a basic understanding of CORS can save you from hours of debugging.
Read this complete thread on "Introduction to CORS"
With that said, this is the end of this thread. We hope you find it helpful.