Why Web browsers REST client extensions or curl command don't have CORS policy error? And when trying JavaScript on local file you experiment this sort of error? It is mandatory to run the file from a local web server?
Thanks!
CORS only apply to browsers<p><a href="http://performantcode.com/web/do-you-really-know-cors" rel="nofollow">http://performantcode.com/web/do-you-really-know-cors</a><p>Common Misconception About CORS
At the first glance, CORS configuration on a server side looks like some sort of ACL (Access Control List) – a server returns the origin that it accepts requests from. The only way to access a resource is to send a request from the origin whitelisted by a server, right? Not really. Remember that HTTP isn’t used only by browsers and you can send an HTTP request from any client like curl, Postman, and so on. If you prepare a custom HTTP request in those tools, you can put any Origin header you want. You can also skip it and a server usually returns a correct result anyway. Why is that? Because as I mentioned earlier, Same-Origin Policy is a concept implemented in browsers. Other tools or software components don’t care about it that much.