Ole Ole - 6 months ago 11
AngularJS Question

Why does CORS negotiation occur when making requests for same domain resoures?

I'm reading through this Spring Boot Security tutorial:

https://spring.io/guides/tutorials/spring-security-and-angular-js/

It it it states:


You might not see the 401 because the browser treats the home page load as a single interaction, and you might see 2 requests for "/resource" because there is a CORS negotiation.


However the resource is loaded from
localhost
like all the other requests, so why is there a CORS negotiation?

TIA,
Ole

Answer

A different port or protocol or subdomain also constitutes a different origin within the same origin policy.

So if you make request from http://localhost:3000 to http://localhost:8080 it is subject to CORS.

Or from http to https

Or from http://www.example.com to http://example.com

Comments