What's the difference between a POST request run with Node and a request sent with React/Chrome?

Question

I am testing the Robinhood API and the first thing I need to do is login using the API. I am able to login with the following code when I run node login.js

var axios = require('axios')
axios.post('https://api.robinhood.com/api-token-auth/', {
      username: 'email@email.com',
      password: '********'
    }, {
       headers: {'Access-Control-Allow-Origin': '*'}
    }).then(function (response) {
        console.log(response.data);
    })

However, when I try the same code with React in a browser, I receive the No 'Access-Control-Allow-Origin' error. If I enable Access-Control-Allow-Origin in Chrome, the error does not occur and I can login.

I have already included the Access-Contrl-Allow-Origin header. The problem seems to be a disparity between Node and React/Chrome?

What's allowing the code to run with Node but not with React/Chrome?

Node is not a browser and therefore it is not subject to CORS. — gforce301, Apr 11 '18 at 22:31
Have you enabled CORS in the server side ? https://enable-cors.org/server.html — colxi, Apr 11 '18 at 22:38

score 0 · Answer 1 · answered Apr 12 '18 at 00:15

Browsers send a security-mandated OPTIONS request ahead of POST requests to find out if the server it is requesting to intends to receive requests from the domain the browser is presently at. The browser is refusing to send a request to a server which has not opted into the traffic by responding to the OPTIONS request with the appropriate Access-Control* headers.

Running from the node repl has no such restriction.

This question goes into better detail: How does the Chrome browser decide when to send OPTIONS?

What's the difference between a POST request run with Node and a request sent with React/Chrome?

1 Answers1