Which domains and HTTP methods will be allowed on the specified endpoint? I assume all origins and all methods, otherwise I don't know how would this work. I had a big discussion at work about CORS, nobody actually understood it fully, but now everyone has a pretty good idea.
The reason why I don't think the thing you suggested is a good idea is because you basically threw out Same-Origin policy that the browsers enforce and it's a VERY good thing they do. I think the best thing to do would be to never turn CORS on, until you actually deploy something to production. Even then, maybe you can configure that the backend and frontend are served from the same origin and BAM, you don't even need CORS.
Now, I know that this post is about setting up CORS for side projects and the thing you specified is fine, but even better would be to use an option available in create-react-app, which is to use a proxy (create-react-app.dev/docs/proxying...). Angular CLI projects have the same thing available.
Or maybe even simpler, but not necessarily better, is to use a browser extension which turns off the same-origin policy, it's a 5 second job. Just be sure it's not turned on when you're testing things in production.
Thank you for your response Seb, very informative and highlights the fact that the enabling CORS is not a great idea in a real life scenario. For example this end-point what we've created in the tutorial is going to allow requests from all origins and the supported methods are GET and POST.
This solution provides me the ability to build, test and try out absolutely vital functionality first, without buying a domain name or getting close to production stage at all. With this guide everybody can start working on a web application within a few minutes and focus on real functionality.
I am going to check out the proxy solution in create-react-app, that is probably a more elegant and safer way of getting the problem out of the way.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Which domains and HTTP methods will be allowed on the specified endpoint? I assume all origins and all methods, otherwise I don't know how would this work. I had a big discussion at work about CORS, nobody actually understood it fully, but now everyone has a pretty good idea.
The reason why I don't think the thing you suggested is a good idea is because you basically threw out Same-Origin policy that the browsers enforce and it's a VERY good thing they do. I think the best thing to do would be to never turn CORS on, until you actually deploy something to production. Even then, maybe you can configure that the backend and frontend are served from the same origin and BAM, you don't even need CORS.
Now, I know that this post is about setting up CORS for side projects and the thing you specified is fine, but even better would be to use an option available in create-react-app, which is to use a proxy (create-react-app.dev/docs/proxying...). Angular CLI projects have the same thing available.
Or maybe even simpler, but not necessarily better, is to use a browser extension which turns off the same-origin policy, it's a 5 second job. Just be sure it's not turned on when you're testing things in production.
Thank you for your response Seb, very informative and highlights the fact that the enabling CORS is not a great idea in a real life scenario. For example this end-point what we've created in the tutorial is going to allow requests from all origins and the supported methods are GET and POST.
This solution provides me the ability to build, test and try out absolutely vital functionality first, without buying a domain name or getting close to production stage at all. With this guide everybody can start working on a web application within a few minutes and focus on real functionality.
I am going to check out the proxy solution in create-react-app, that is probably a more elegant and safer way of getting the problem out of the way.