Access-Allow-Control-Origin does not restrict access from other domains

Question

Access-Allow-Control-Origin does not restrict access from other domains

Asked 5 years, 7 months ago

Viewed 78 times

0

I am creating an Api with Nodejs, where I set the application header to work properly Cross-Origin Resource Sharing.

app.use(function (req, res, next) {
    res.header("Access-Control-Allow-Origin", "http://localhost:3000");
    res.header("Access-Control-Allow-Headers", "Content-Type");
    res.header("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");
    res.header('Access-Control-Allow-Credentials', true);
    next();
});

Where in the code I restrict access only so localhost:3000 can access the resources. res.header("Access-Control-Allow-Origin", "http://localhost:3000");

Only even though it leaves access restricted to only one application, I can access the resources of this Api from any domain. What’s the matter with Access-Control-Allow-Origin that doesn’t work?

So how is the url you use to access another domain’s api?

– Chance

2018/12/10 at 21:23
i access this browser Api from my mobile phone, which is another totally different ip, and even so it returns me the Api @Andersonmendes rejections

– Rodrigo Jacinto

2018/12/12 at 00:41
1

I get it, I use the module Cors to control access, has the same principle, but with more functionality of a look any calls me that I help to configure.

– Chance

2018/12/12 at 00:46

No answers

Browser other questions tagged node.js http cors

You are not signed in. Login or sign up in order to post.