all about CORS (Cross-Origin Resource Sharing)

Docs

request headers

safe request headers

response headers

safe response headers

test CORS

Live Test

manual test

Here, we can manually tests that "http://localhost:3000" is allowed for CORS or not.

# test GET request
curl -I \
-H "Access-Control-Request-Method: GET" \
-H "Origin: http://localhost:3000" \
-X GET \
https://example.com/api/v1/adssafasdfsad

# test OPTIONS request
curl -I \
-H "Access-Control-Request-Method: GET" \
-H "Origin: http://localhost:3000" \
-X OPTIONS \
https://example.com/api/v1/adssafasdfsad

Above commands will only print headers (because of -I). So they should encompass access-control-allow-origin. Also, you can use --verbose to see more logs in each request

Golden Codes - armanexplorer planet

Practical code snippets for Django, Python, Bash, Git and All!

request headers

response headers

test CORS

manual test