I am running an API hosted on Heroku.
A few users have asked me to do something about CORS headers.
Two pieces of feedback that I received:
- "I was wondering if you could please set CORS headers on your API server to allow requests from localhost during development. I would like to use your API in a React app as a demo but requests from localhost:3000 (React app) are blocked by CORS."
- "Your API is not very useful without CORS headers; it forces your users to run requests through a proxy."
But I cannot find relevant info on the internet on this topic. I am completely new to this issue.
If I am thinking in the wrong direction or if I am missing anything, please help me out.
- Why are CORS headers not set by default?
- Do they pose any threat?
- How can I achieve the configuration stated above?
Helpful Info:
- I am using Node.js and Express.js
- I am also using the request-ip package from npm
- I am having a problem getting started with CORS, not an issue while implementing CORS. So please consider
Note: Any suggestion gratefully received. Thanks in advance.
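
One way to get the configuration requested in the feedback above, shown as an added example that is not part of the original post: a middleware with the Express `(req, res, next)` signature that sends CORS headers only to origins on an exact-match allowlist. The names `ALLOWED_ORIGINS` and `makeCors` and the `app` variable are assumptions for illustration.

```javascript
// Added example: origin-allowlist CORS middleware for Express.
// It uses only Node's response methods, so no extra npm package is needed.
// ALLOWED_ORIGINS and makeCors are hypothetical names.
const ALLOWED_ORIGINS = new Set([
  'http://localhost:3000', // React dev server named in the user feedback
]);

function makeCors(allowedOrigins, opts = {}) {
  const methods = opts.methods || 'GET,POST,OPTIONS';
  const headers = opts.headers || 'Content-Type';

  return function cors(req, res, next) {
    const origin = req.headers.origin; // Node lowercases header names

    // The response differs per Origin, so shared caches must key on it.
    res.setHeader('Vary', 'Origin');

    // Echo the origin only on an exact allowlist match. Reflecting any
    // Origin value back would let every site read the API's responses.
    const allowed = typeof origin === 'string' && allowedOrigins.has(origin);
    if (allowed) {
      res.setHeader('Access-Control-Allow-Origin', origin);
    }

    // Preflight: the browser sends OPTIONS with Access-Control-Request-Method
    // before a non-simple request and expects the permitted methods/headers.
    if (req.method === 'OPTIONS' && req.headers['access-control-request-method']) {
      if (allowed) {
        res.setHeader('Access-Control-Allow-Methods', methods);
        res.setHeader('Access-Control-Allow-Headers', headers);
        res.setHeader('Access-Control-Max-Age', '600'); // cache preflight 10 min
      }
      res.statusCode = 204;
      res.end();
      return; // preflight is answered here; route handlers are not run
    }

    next();
  };
}

// Usage in an Express app (assumed variable `app`), before the routes:
//   app.use(makeCors(ALLOWED_ORIGINS));
```

For a public API that does not use cookies or other browser credentials, sending `Access-Control-Allow-Origin: *` is the usual alternative; browsers reject that wildcard on credentialed requests.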