1

Consider a client makes an HTTP request to server 1 which returns an html page with embedded JavaScript which makes an AJAX call to server 2 on a completely different domain.

Which server - server 1, or server 2 (or both) does CORS (Cross Origin Resource Sharing) need to be enabled?

barrypicker
  • 9,740
  • 11
  • 65
  • 79

1 Answers1

2

Server 2.

Server 1 doesn't matter, once the page is loaded from server 1, it can call anything. If it's another domain then Server 2 has to allow it.

Marcel
  • 954
  • 8
  • 22