Wednesday 24 September 2014

How does browsers' same-origin policy (SOP) work?

Browser security prevents a web page from making AJAX requests to another domain. This restriction is called the same-origin policy, and it prevents a malicious site from reading sensitive data from another site. However, sometimes you might want to let other sites call your web service or Web API.

I was under the impression that the request would never reach the server in this scenario, and I am sure many of you think the same. But if you watch the HTTP traffic in a tool like Fiddler, you will see that the browser does send the GET request, and the request succeeds, yet the AJAX call returns an error. It is important to understand that the same-origin policy does not prevent the browser from sending the request. Instead, it prevents the application from seeing the response.

To allow such calls, you can use a mechanism called CORS (Cross-Origin Resource Sharing) to enable client-side cross-origin requests.
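The following is an added example, not code from this post or from ASP.NET Web API: a small JavaScript model of both ends of the exchange just described. The server side answers the Origin header from an explicit allow-list, and the browser side decides, only after the response has arrived, whether script may read it. The origins and allow-list are constructed for the example.

```javascript
const ALLOWED_ORIGINS = new Set(['https://app.example', 'https://admin.example']);

// Server: answer the Origin request header from an explicit allow-list. Never
// echo an arbitrary Origin back, and add Vary so a shared cache does not serve
// one origin's answer to another.
function corsResponseHeaders(originHeader, allowList = ALLOWED_ORIGINS) {
  if (originHeader === undefined || !allowList.has(originHeader)) {
    return {}; // no grant: the response still goes out, but without an ACAO header
  }
  return { 'access-control-allow-origin': originHeader, 'vary': 'Origin' };
}

// Browser: the response has already arrived; decide whether script may read it.
// `responseHeaders` is keyed by lower-case header name.
function canReadResponse(pageUrl, requestUrl, responseHeaders, withCredentials = false) {
  const pageOrigin = new URL(pageUrl).origin; // scheme://host[:port], path ignored
  const targetOrigin = new URL(requestUrl).origin;
  if (pageOrigin === targetOrigin) {
    return { readable: true, reason: 'same-origin' };
  }
  const acao = responseHeaders['access-control-allow-origin'];
  if (acao === undefined) {
    return { readable: false, reason: 'no Access-Control-Allow-Origin header' };
  }
  if (acao === '*') {
    return withCredentials
      ? { readable: false, reason: 'wildcard grant is not valid with credentials' }
      : { readable: true, reason: 'wildcard grant' };
  }
  if (acao !== pageOrigin) {
    return { readable: false, reason: `grant is for ${acao}, page is ${pageOrigin}` };
  }
  if (withCredentials && responseHeaders['access-control-allow-credentials'] !== 'true') {
    return { readable: false, reason: 'credentials not allowed by server' };
  }
  return { readable: true, reason: 'origin allowed' };
}

// End to end: the browser sends the request with an Origin header and the server
// answers it; only then does the browser apply the check above.
function crossOriginFetch(pageUrl, requestUrl, withCredentials = false) {
  const responseHeaders = corsResponseHeaders(new URL(pageUrl).origin);
  return canReadResponse(pageUrl, requestUrl, responseHeaders, withCredentials);
}
```

Note that a differing port or scheme is a different origin, so the same host on another port gets no access unless the server grants it.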

Cross-Origin Requests in ASP.NET Web API
