CORS with POSTMAN

IsraGab picture IsraGab · Mar 27, 2016 · Viewed 132.5k times · Source

This subject has been asked a couple of time, but I still don't understand something:

When I read answers about

No 'Access-Control-Allow-Origin' header

issue, it says a setting should be set on the requested server in order to allow cross domain: add_header 'Access-Control-Allow-Origin' '*';.

But, please tell me why when asking from postman (which is a client), It's working like a charm and I have a response from the requested server?

Thank you

Answer

IsraGab picture IsraGab · Apr 7, 2016

As @Musa comments it, it seems that the reason is that:

Postman doesn't care about SOP, it's a dev tool not a browser

By the way here's a chrome extension in order to make it work on your browser (this one is for chrome, but you can find either for FF or Safari).

Check here if you want to learn more about Cross-Origin and why it's working for extensions.