Browser, CURL, POSTMAN are all applications, but for network requests,
Browser cares about SSL/TLS certificate and CORS when making network request.
But applications like CURL && POSTMAN they dont care
https://stackoverflow.com/questions/36250615/cors-with-postman
CORS (Cross-Origin Resource Sharing) and SOP (Same-Origin Policy) are server-side configurations that clients decide to enforce or not.
Related to clients
- Most Browsers do enforce it to prevent issues related to
CSRFattack. - Most Development tools don't care about it.
No comments:
Post a Comment