Cross Origin Resource Sharing by which you let others to access the api's hosted on your domain.
Below (nginx) example adds the headers to default.conf file
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Headers' 'X-Requested-With, accept, content-type';
Below are few links that I used for my reference.
Any client side Javascript can make calls to other website which has the above rule set. Be careful while setting Access-Control-Allow-Origin to '*', as this allows anyone to hit your api/website
No comments:
Post a Comment