0

Does the CORS policy add any value during the development phase? Should I develop with CORS on or off? The development is occurring in a distributed environment and there are no local copies of components, only a testing environment where components are uploaded and tested (not on the same servers, so CORS still apply). If I should enable the CORS policy, how should I set it up so my distributed teams can work against my back-end server from their development environments ?

This question was strongly influenced by this one : should-i-develop-with-tls-on-or-off

Cap Barracudas
  • 101
  • 2
  • How exactly do you propose to turn CORS "off"? – Conor Mancone Mar 24 '20 at 11:16
  • Add the response headers on the server side that allow cross origin requests. (Access-Control-Allow-Origin, *) – Cap Barracudas Mar 24 '20 at 11:49
  • Note that doing so disallows certain authorization configurations, so even this doesn't strictly turn CORS "off". Also you will still have to whitelist custom headers or have the request rejected. In other words, you can't fully turn CORS "off" – Conor Mancone Mar 24 '20 at 11:54

0 Answers0