CORS allowed-origin restrictions aren’t causing the server to reject requests

by

However, when I open up a browser and type in http://localhost:8080/api/car I am still able to access the REST endpoint.

CORS allowed-origins settings don’t cause servers to block requests.

And because the server isn’t blocking the request, that doesn’t prevent you from opening the URL directly in a browser.

The same-origin policy is what imposes cross-origin restrictions, and the same-origin policy is only applied to frontend JavaScript in web applications running in a web browser, and using XHR or Fetch or jQuery $.ajax(…) or whatever to make cross-origin requests.

So CORS isn’t a way to cause servers to block requests. And so it also isn’t a way to prevent users from being able to directly navigate to a URL, and isn’t a way to prevent any non-web-application tools like curl or Postman or whatever from accessing the URL.

More Related Contents:

  1. Spring Boot Configure and Use Two DataSources
  2. Filter invoke twice when register as Spring bean
  3. Spring Data Rest and Cors
  4. Add context path to Spring Boot application
  5. Spring security CORS Filter
  6. Spring Boot Adding Http Request Interceptors
  7. How to customise the Jackson JSON mapper implicitly used by Spring Boot?
  8. Spring Boot Multiple Datasource
  9. Spring Boot configure and use two data sources
  10. Disable Spring Security for OPTIONS Http Method
  11. How to bind an object list with thymeleaf?
  12. How to set base url for rest in spring boot?
  13. Filter order in spring-boot
  14. No serializer found for class org.hibernate.proxy.pojo.bytebuddy.ByteBuddyInterceptor
  15. How to configure embedded Tomcat integrated with Spring to listen requests to IP address, besides localhost?
  16. How to enable HTTP response caching in Spring Boot
  17. Spring Boot and custom 404 error page
  18. Spring Boot with redirecting with single page angular2
  19. HttpSecurity, WebSecurity and AuthenticationManagerBuilder
  20. Multipart File upload Spring Boot
  21. Spring Boot Actuator without Spring Boot
  22. Configure ViewResolver with Spring Boot and annotations gives No mapping found for HTTP request with URI error
  23. What is username and password when starting Spring Boot with Tomcat?
  24. Difference between Interceptor and Filter in Spring MVC
  25. Spring Security HTTP Basic for RESTFul and FormLogin (Cookies) for web – Annotations
  26. How to re-create database before each test in Spring?
  27. Using @RequestParam for multipartfile is a right way?
  28. Programmatically restart Spring Boot application / Refresh Spring Context
  29. How I create an error handler (404, 500…) in Spring Boot/MVC
  30. INFO: No Spring WebApplicationInitializer types detected on classpath

Leave a Comment