
Ask HN: Why Web Browsers REST client extensions doesn't have CORS policy erros? - calebjosue
Why Web browsers REST client extensions or curl command don&#x27;t have CORS policy error? And when trying JavaScript on local file you experiment this sort of error? It is mandatory to run the file from a local web server?
Thanks!
======
jhjhds
CORS only apply to browsers

[http://performantcode.com/web/do-you-really-know-
cors](http://performantcode.com/web/do-you-really-know-cors)

Common Misconception About CORS At the first glance, CORS configuration on a
server side looks like some sort of ACL (Access Control List) – a server
returns the origin that it accepts requests from. The only way to access a
resource is to send a request from the origin whitelisted by a server, right?
Not really. Remember that HTTP isn’t used only by browsers and you can send an
HTTP request from any client like curl, Postman, and so on. If you prepare a
custom HTTP request in those tools, you can put any Origin header you want.
You can also skip it and a server usually returns a correct result anyway. Why
is that? Because as I mentioned earlier, Same-Origin Policy is a concept
implemented in browsers. Other tools or software components don’t care about
it that much.

~~~
tonyaiken
The question asked is for browser extensions. Chrome extensions can set this
behavior in manifest file.

