Do I need to enable CORS when my API is in a subdomain of my main site?

Question

Do I need to enable CORS when my API is in a subdomain of my main site?

I have a RESTful api sitting on a subdomain of my site, so it is configured as shown below:

api.blah.com - RESTful api blah.com - Website

When I try to execute HTTP requests, I get the following error:

 No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin '(index)' is therefore not allowed access.

I thought that since it is in the same domain, this should work, do I need to enable CORS or is there something else I need to do?

The API is built on the ASP.Net web interface, and the website is based on AngularJS.

thanks

+5

http rest cors cross-domain

Jmk Nov 03 '14 at 10:06

source share

1 answer

inf3rno · Accepted Answer · 2014-11-03T22:11:15+0000

Yes, you must enable it. You must send CORS resolving server-side headers to your browser. This is because the subdomain is considered a different origin . You probably need to enable HTTP methods like PUT, DELETE, OPTIONS. At least I assume that angular sends such requests too. These new methods should handle preflight requests (OPTIONS).

Do I need to enable CORS when my API is in a subdomain of my main site?

More articles: