By Shubham Khatri


2016-04-11 16:15:58 8 Comments

I have been using POSTMAN for sometime now for sending HTTP requests like GET, POST, PUT for RESTful Webservices. Recently came across a situation, when sending a request to my REST API through browser, I got a message that

No Access Control Allow Origin Header is present on the Requested resource.

The solution was ofcourse to add such an header to the API. However strangely, When I sent the the same request through POSTMAN I was able to get back the response.

So I want to know how is sending a request through POSTMAN different from sending a request through browser.

I went through this question: CORS with POSTMAN, but it really doesn't provide an answer in detail.

1 comments

@Alexander O'Mara 2016-04-11 17:05:18

From Cross-Origin XMLHttpRequest in Chrome Develop Extensions documentation:

Regular web pages can use the XMLHttpRequest object to send and receive data from remote servers, but they're limited by the same origin policy. Extensions aren't so limited. An extension can talk to remote servers outside of its origin, as long as it first requests cross-origin permissions.

Basically browser extensions have more privileges than web content. In the case of Chrome extensions, there is an option to enable cross-origin access.

@Vrishank 2019-03-14 06:17:35

So, this behavior for extension is assuming that Cross Site requests are enabled from server side. What happens if server itself is blocking cross site requests?

@Alexander O'Mara 2019-03-14 19:16:05

@Vrishank You would have to figure out how the server in question is desciding to block the request. Perhaps you need to add a referer header.

Related Questions

Sponsored Content

8 Answered Questions

[SOLVED] Sending cookies with postman

  • 2015-06-17 11:34:46
  • MiddleWare
  • 80514 View
  • 45 Score
  • 8 Answer
  • Tags:   cookies postman

25 Answered Questions

[SOLVED] How to allow CORS?

8 Answered Questions

[SOLVED] API Gateway CORS: no 'Access-Control-Allow-Origin' header

14 Answered Questions

20 Answered Questions

[SOLVED] Response to preflight request doesn't pass access control check

5 Answered Questions

10 Answered Questions

1 Answered Questions

Cors issue occurs only when "put"?

Sponsored Content