Index
ed
Search videos...
⌘
K
Search videos
Search across video titles, descriptions, and transcripts
Understanding CORS | Traversy Indexed
Back
Understanding CORS
Oct 11, 2025
intermediate
Live Stream
Hide Transcript
0:00
All right, so let's go over cores or
0:02
cross origin resource sharing. And
0:04
basically, your browser is blocking
0:05
requests between different domains. And
0:08
it's a security thing, so there's good
0:09
reason for it. Now, I have an example
0:12
HTML file with some front-end
0:13
JavaScript, and I'm trying to hit my
0:15
Express API on localhost 8000. Now when
0:18
I click the button and make that
0:20
request, I get an an error in the
0:22
console that says it's being blocked by
0:24
a course policy and it says no access
0:26
control allow origin header is present
0:29
on the requested resource. Now this
0:31
header is what tells the browser, hey
0:33
it's okay to make requests from other
0:35
domains. Without it, the browser blocks
0:38
that request. So your API is probably
0:40
working fine. If you test the same
0:42
endpoint in Postman or curl, it probably
0:45
works perfectly. That's because corores
0:47
is a browser security feature and it
0:49
only affects requests made from web
0:51
pages, not direct HTTP clients. So the
0:55
fix is simple. We need to add that
0:56
missing header to our express server to
0:59
tell the browser that we're okay with
1:00
cross origin requests. And there's a few
1:02
ways to do this. You can do it manually
1:04
by adding your own middleware function
1:06
where you set a few different headers.
1:08
So the the main one being access control
1:10
allow origin. And you can set that to
1:13
anything including an asterisk which
1:14
will allow from any domain. Then you
1:17
have access control allow methods where
1:19
you can set what methods you want. Get,
1:21
pose, put, delete. And then you have
1:23
access control allow headers and this
1:25
specifies which headers the front end
1:27
can send. And content type is a super
1:29
common one because we need that when
1:31
sending JSON data. So if you try it
1:33
again, you should get no more cause
Related Videos
1:25
React server components
Aug 31, 2025
intermediate
Quick Tip
1:02
package-lock.json file explained
Aug 29, 2025
beginner
Project Build
36:19
Encore Crash Course - TypeScript Backend Framework & Toolset
Sep 2, 2024
intermediate
Crash Course
1:46:11
Express Crash Course
May 7, 2024
intermediate
Crash Course
