This practice set demonstrates how Cross-Origin Resource Sharing (CORS) can restrict responses to requests coming from code delivered from a different server.
- Clone this repo to your computer.
- Run `npm install` to install the required code.
- Run `npm run start-dev`; this will use the repo's code to start two web servers, http://localhost:8080 and http://localhost:8081.
- Open both web servers in separate browser windows or tabs and try both "Test" buttons. You'll find that the button testing API access to the server on a port number different from the one in the browser window has no output and causes a CORS error in the browser console.
- Add middleware to `routes/api.js` to set the necessary CORS headers for both test buttons to work only for origin http://localhost:8080. One button should continue to cause errors in the http://localhost:8081 window.
- Now change the middleware to allow access from anywhere.

Bonus: Change the middleware to allow access from both origins and no others.
Example solution in `solution/api.js`.
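
For the bonus step, one way to write an exact-match origin allowlist, shown as an added example that is not the repo's `solution/api.js`. It assumes `routes/api.js` uses Express-style `(req, res, next)` middleware; the allowed methods and headers and the `simulate` helper are assumptions made for illustration.

```javascript
// Added example; not the repo's solution/api.js.
// Allowlist holds the two dev-server origins named in this README.
const ALLOWED_ORIGINS = new Set([
  'http://localhost:8080',
  'http://localhost:8081',
]);

// Express-compatible middleware factory: (req, res, next).
function corsAllowlist(allowed = ALLOWED_ORIGINS) {
  return function cors(req, res, next) {
    const origin = req.headers.origin;
    // Exact string match only; prefix or substring checks are a common mistake.
    const permitted = typeof origin === 'string' && allowed.has(origin);
    // The response differs per Origin, so shared caches must key on it.
    res.setHeader('Vary', 'Origin');
    if (permitted) {
      // The header carries one origin or "*", never a list, so echo the match.
      res.setHeader('Access-Control-Allow-Origin', origin);
    }
    if (req.method === 'OPTIONS') {
      // Preflight: answer here without reaching the route handlers.
      if (permitted) {
        // Assumed method and header set; adjust to what the API really accepts.
        res.setHeader('Access-Control-Allow-Methods', 'GET, POST');
        res.setHeader('Access-Control-Allow-Headers', 'Content-Type');
      }
      res.statusCode = 204;
      return res.end();
    }
    next();
  };
}

// Constructed mock request/response so the middleware runs without a server.
function simulate(method, origin) {
  const headers = {};
  const result = { headers, status: 200, ended: false, nextCalled: false };
  const req = { method, headers: origin ? { origin } : {} };
  const res = {
    setHeader: (name, value) => { headers[name] = value; },
    end: () => { result.ended = true; },
    set statusCode(code) { result.status = code; },
  };
  corsAllowlist()(req, res, () => { result.nextCalled = true; });
  return result;
}
```

An origin outside the set receives no `Access-Control-Allow-Origin` header at all, which is what makes the browser block the response.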