Why isn’t my CORS configuration causing the server to filter incoming requests? How can I make the server only accept requests from a specific origin?
CORS configuration won’t prevent the server from accepting requests based on the value of the Origin request header. You can’t do that just through CORS configuration. When you configure CORS support on a server, all that the server does differently is just to send the Access-Control-Allow-Origin response header and other CORS response headers. Actual enforcement … Read more