2

I'm trying my hand at web dev after a few years of pause and CORS seems to have gone off the deep end.

why does

<script type="module" src="./index.js"></script>

result in a CORS error? I'm loading a local file (file://) that wants to load another local file. I don't get why CORS even complains, they're both from the same origin, after all.

Tom
  • 2,688
  • 3
  • 29
  • 53
  • 1
    Possible duplicate of [Deadly CORS when http://localhost is the origin](https://stackoverflow.com/questions/10883211/deadly-cors-when-http-localhost-is-the-origin) – Get Off My Lawn Sep 14 '19 at 23:04
  • 2
    Not a duplicate of that. I am loading via file://, not via http://localhost. No webserver is even involved. – Tom Sep 14 '19 at 23:10

1 Answers1

6

CORS comes into play when you load script using type="module". If you're not using the ES module features, you can remove that attribute and it will work fine.

As to why the origin is an issue here, when you load files locally via file://, the origin is effectively null, making all requests cross-origin. Browsers have a lot of restrictions in this context that have built up over the years due to security concerns. To get around these restrictions, the files have to be served by a web server so that an origin can be determined.

Brad
  • 159,648
  • 54
  • 349
  • 530