Menu
I am invoking one of my APIs using curl as follows(cross origin).
curl -H "Origin: foo.com" -H "Content-Type: application/json" -H "Authorization: Basic YWRtaW46YWRtaW4=" -v https://localhost:9443/api/v10/configs -k
I have not set the necessary cross origin headers in the server side. But the API call works. Why is that?
on server side API class, in the options call I am only setting the Allow header.
@OPTIONS
public Response options() {
return Response.ok().header(HttpHeaders.ALLOW, "GET").build();
}
The following headers are not set.
Access-Control-Allow-Methods:
Access-Control-Allow-Origin:
Access-Control-Allow-Headers:
997
asked Sep 04 '25 04:09
CORS is a mechanism to enable cross domain requests but in the browser using AJAX. If you use curl you can do what you want ;-)
So in your case (using curl), you try to execute the request outside a browser. So you are free to do what you want! With curl, the request will be always executed and you will see the exchanged headers for example. This can be something helpful to see if you have the expected headers for CORS...
Hope it helps you, Thierry
153
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
