Breaking News: Grepper is joining You.com. Read the official announcement!
Check it out

What is CORS policy & how to solve it?


Cross-origin resource sharing (CORS) is a mechanism that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served. 



For Better Understanding, I am using a simple Express.js project for API calls. You can also use others for API calls. I am serving the server in port 3000.

for the client side, I am using a Basic HTML template like the given below. there this a script and in there I have the function named fetechData. In that function, i am calling that API that I created using express above

In my script file, I have an API call and for the API call, I am using fetch. Usually, we don't need to say the method type if it gets because by default fetch uses the get method but for better understanding, I am adding the method in the fetch.

Now our project is ready to work. if I run the HTML file we can see there is a button name get data. If we press then we will see in the console that 

This actually happened because if the client domain and the server site domain are different then it

breaks the CORS Policy. Then what is the CORS Policy?

Basically, It is a browser Policy. If One site is sending a request to another server the server then it  must be  send the request from the same domain or else it will violate the CORS Policy and the browser will reject the request. If we check the network tab in the browser we can see that in the header the is no Access-Control-Allow-Origin present. For getting this we cant get it from the client side unless the serverside resolves this issue

This error only can be handled in the server-side code or backend code.

On the server-side, It must allow the domain(our project domain) in the response header. 

If we want to solve this in our code we should follow the given example.

we have to install the cors package using this command

then we have to modify our code

wow, we just fixed the error. we are just allowing the origins from where we will accept the API calls. If there are multiple platforms we should bind them in an array.

If we want to create a public API we can use the "*" in the origin


THIS IS HOW WE CAN SOLVE THE CORS POLICY ERROR

In Addition 

 There is something different in the PUT API call. rest are the same but in the PUT API call, they send a preflight request it checks whether he is accessible to send data or not. The preflight uses send method name "options". 

if we check the header in the console we will see that Access-Control-Allow-Methods: GET, HEAD, PUT, PATCH. It is set by that package. On the other hand, if we want to provide more security we can also set what type of method we are accepting from that origin 

From the above example, we can see that we are only accepting the GET & POST method from that origin(127.0.0.1:5500). If someone tries to PUT or DELETE it will again return that CORS policy error.

There are so many things we can also do but only for the basic cases I try to explain why cors policy error occurs


thanks for reading the article it was inspired by Learn with Sumit - LWS - Bangladesh

X

Continue with Google

By continuing, I agree that I have read and agree to Greppers's Terms of Service and Privacy Policy.