2đź‘Ť
CORS is “cross origin resource sharing”, see https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#Simple_requests . Basically, it is enforced by your browser. If the browser is blocking a cross-origin request, you some options:
-
Make it not a cross origin request (by hosting everything at the same host and port)
-
Satisfy the criteria for “simple request” so the browser let’s the HTTP request through
-
Implement the server side of CORS on whatever is hosting the POST form, which usually is a web server configuration chore (i.e. in an httpd.conf file), or by writing a custom OPTIONS request handler that will allow resource sharing to the page which initiates the POST request.
In the last two options, you probably want to think of what the “origin” will look like once your page is live. Allowing access to “*” will probably work, but is undoing the cross site scripting protection that the browser is helping you with.