Just want to specify that CORS is a features provided by browser, in fact, if you made the same fetch in nodejs you are not going to receive cors blocking at alls. This is really important to understand that because debugging can be crazy without 😅
cors doesn't prevent request from the serverside though so you'll have to think of ways to black list/ white list a request for that if you want to prevent them from accessing your rest api
I believe you mean to ask if form data will trigger a CORS preflight check. No, it does not trigger that like JSON does. As mentioned in the video, many more details are on MDN here: developer.mozilla.org/en-US/docs/Web/HTTP/CORS
Hello Dave. Thank you very much! Kindly explain if I understand correctly. When we refresh the page the token gets cleared. For that reason we implement baseQueryWithReAuth. But if we keep checkbox “trust this device” unchecked. Then there is no refresh endpoint which means on page reload the page will not be allowed to see it due to empty access token and no refresh endpoint. Is it correct? If yes then how to implement a feature to keep page accessible on page reload but disallow page view if the page/browser is closed. Is it secure to use sessionStorage for accessToken in this case? Or is there any better solution? Thank you very much in advance.
To be honest in django Cors headers error occurs when connecting frontend with backened and is really has an only 3 step solution. Dont know about nodejs😅😅
The best way to never have a CORS error is to never send requests to another URL from the browser. It's good practice to validate requests by letting them pass through your servers is good practice anyway.
