Determining whether to enable CORS support
A cross-origin HTTP request is one that is made to:
A different domain (for example, from
A different subdomain (for example, from
A different port (for example, from
A different protocol (for example, from
Cross-origin HTTP requests can be divided into two types: simple requests and non-simple requests.
An HTTP request is simple if all of the following conditions are true:
It is issued against an API resource that allows only
If it is a
POSTmethod request, it must include an
The request payload content type is
The request does not contain custom headers.
Any additional requirements that are listed in the Mozilla CORS documentation for simple requests.
For simple cross-origin
POST method requests, the response from your
resource needs to include the header
Access-Control-Allow-Origin, where the
value of the header key is set to
'*'(any origin) or is set to the origins
allowed to access that resource.
All other cross-origin HTTP requests are non-simple requests. If your API's resources receive non-simple requests, you need to enable CORS support.