4

I have implemented RESTful API using expressJS, and another React app which will use the API's to fetch data.
I'm getting a problem of Allow-Origin Header.
what's the proper way of calling a API ?

do I use a CORS middleware and allow all origin ('*') and use Api-key as way of check authorization to prevent mis-use. ?
any other tricks ?

Comments
  • 0
    If the React app is hosted on a web server, you could use the domain as a allowed origin. It's the intended use of the header.
  • 0
    You have to set few headers server-side, I have had this exact problem some days ago
Add Comment