Ole Ole - 4 months ago 9x
AngularJS Question

Why does CORS negotiation occur when making requests for same domain resoures?

I'm reading through this Spring Boot Security tutorial:


It it it states:

You might not see the 401 because the browser treats the home page load as a single interaction, and you might see 2 requests for "/resource" because there is a CORS negotiation.

However the resource is loaded from
like all the other requests, so why is there a CORS negotiation?



A different port or protocol or subdomain also constitutes a different origin within the same origin policy.

So if you make request from http://localhost:3000 to http://localhost:8080 it is subject to CORS.

Or from http to https

Or from http://www.example.com to http://example.com