I've been implementing CORS in a lil app I have using node-restify to test it out and it turns out that in the browser, the behaviour is as expected, this means, in a different origin with CORS disabled, it doesn't work, if CORS is enabled, it works.
However, the tricky part is that with CURL, it always works! I've been following this question: How can you debug a CORS request with cURL?
I'm doing this:
curl -H 'Origin: http://example.com' http://cors.somewhere.com
And using the node-restify example to debug
var restify = require('restify');
var srv = restify.createServer();
//srv.use(restify.CORS()); // I enable and disable by uncomment line
function foo(req, res, next) {
res.send("bananas");
next();
}
srv.put('/foo', foo);
srv.get('/foo', foo);
srv.del('/foo', foo);
srv.post('/foo', foo);
srv.listen(process.env.PORT || 8080);
What am I missing?
Thank you!