Introducing Cross-Origin Resource Sharing or CORS
Before we discuss CORS policy and cross-origin resource sharing, try to send a POST request to version 2 of the WeatherForecast
endpoint. See if you can still retrieve some of the JSON response of the WeatherForecast
controller using Postman as shown in the following screenshot:
Figure 13.6 means that the endpoint is still working correctly, but it would not work in another SPA.
I created a React application that runs on port 3000
to see if it can fetch the JSON objects from the WeatherForecast
controller. No auth is required in the request, but the React application logs errors in the console; see Figure 13.7:
The error in Figure 13.7 says that access to XMLHttpRequest
at the endpoint from localhost:3000
has been blocked by CORS policy. The No Access-Control-Allow...