1

So, in the browser, fetch returns a promise that returns a promise. The first for an OPTIONS http call which is sometimes a 'preflight CORS' thing, and the second a response to your original request.

In Node.js when you use the https.request() function or many of the libraries, this pattern isn't followed. Is that because there is no options call when you make an http call from a server?

Costa Michailidis
  • 7,691
  • 15
  • 72
  • 124
  • Possible duplicate of [CORS - Is it a client-side thing, a server-side thing, or a transport level thing?](https://stackoverflow.com/questions/36958999/cors-is-it-a-client-side-thing-a-server-side-thing-or-a-transport-level-thin) – zero298 Jun 26 '18 at 15:04
  • 1
    It's mostly because a server2server doesn't need to follow CORS. It's usually only client2server. The important quote from that linked question is: *"CORS and the same origin policy are needed because a browser does not implicitly trust the websites it visits. They don't protect the origin site, they protect the site receiving the cross origin request."* – zero298 Jun 26 '18 at 15:05
  • Interesting... Cool! So, I just need to think about fetch and whatever node.js library I use as very different. That's gonna be a little confusing. It's ok : ) – Costa Michailidis Jun 26 '18 at 15:13
  • 1
    Well, whenever I write node code and want the feel of `fetch`, I usually use `node-fetch` which has a [list of client/server differences](https://github.com/bitinn/node-fetch/blob/master/LIMITS.md), the first of which explicitly talks about ignoring CORS. – zero298 Jun 26 '18 at 15:15
  • That's what I'm using at the moment. I was thinking of r2 as well. – Costa Michailidis Jun 26 '18 at 15:59

0 Answers0