
How does Postman (an electron app) get around CORS?

As most people know, Postman is made in Electron. However, it does not run into CORS issues when attempting to make API calls. If a normal user packaged a simple Electron app that made API calls using Fetch/XHR, however, they would be blocked by endpoints that have a CORS policy. My question is, how does Postman get around this, and is there a setting or flag in Electron that lets my own app do the same? I read here and here that "Postman is a dev tool" but that isn't an in-depth response, since Postman is an Electron app that would theoretically be running in Chromium (aka a browser). I'd appreciate anyone who could provide some headway in this topic!

asked Jul 16 '19 16:07 by erli



2 Answers

Do not forget that Electron is not just Chromium; it also packages Node, which can also make HTTP requests, without any Same-Origin Policy and hence with no CORS limitation.

I suspect Postman actually performs the HTTP request from its Node part (main process).

answered Oct 11 '22 23:10 by ghybs
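
The behaviour described in the answer above, as an added example (not part of the original answer and not Postman's code): a Node process, such as Electron's main process, reads a response that carries no CORS headers, while a simplified version of the browser-side check would withhold that same response from page script. The loopback server, the origin `https://app.example` and all function names are constructed for illustration.

```javascript
const http = require('node:http');

// Simplified form of the check a browser applies to a cross-origin response
// (non-credentialed request) before page script is allowed to read it.
function browserWouldExpose(pageOrigin, responseHeaders) {
  const allow = responseHeaders['access-control-allow-origin'];
  return allow === '*' || allow === pageOrigin;
}

// Constructed API on loopback that sends no CORS headers at all.
function startApi() {
  return new Promise((resolve) => {
    const server = http.createServer((req, res) => {
      res.writeHead(200, { 'Content-Type': 'application/json', Connection: 'close' });
      res.end(JSON.stringify({ secret: 'constructed-value' }));
    });
    server.listen(0, '127.0.0.1', () => resolve(server));
  });
}

// What Node does: a plain HTTP request with no origin policy applied.
function nodeGet(url) {
  return new Promise((resolve, reject) => {
    http.get(url, (res) => {
      let body = '';
      res.setEncoding('utf8');
      res.on('data', (chunk) => (body += chunk));
      res.on('end', () => resolve({ headers: res.headers, body }));
    }).on('error', reject);
  });
}

async function demo() {
  const server = await startApi();
  try {
    const { port } = server.address();
    const res = await nodeGet(`http://127.0.0.1:${port}/`);
    return {
      nodeReadBody: res.body.includes('constructed-value'),
      browserExposes: browserWouldExpose('https://app.example', res.headers),
    };
  } finally {
    server.close();
  }
}

demo().then((result) => console.log(result));
```

The server returns the data in both cases; only the browser decides whether page script may see it. An API therefore needs its own authentication and authorization and cannot treat a CORS policy as access control.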


You can disable web security on Electron (Chromium). That will enable you to get around CORS.

https://stackoverflow.com/a/55741491/3947422

https://github.com/electron/electron/issues/23664#issuecomment-631674094

answered Oct 12 '22 01:10 by Ashish