You explained in 13 mins what I spent hours reading and not comprehending. Thanks!
@Ashotofcode3 жыл бұрын
Glad it helped Doran!
@jeroincababat565Ай бұрын
I appreciate that you didn't cut the video when you encountered an error. It demonstrates what happens in real-world coding.
@AshotofcodeАй бұрын
Cool thanks :-)
@tedisrozenfelds76302 жыл бұрын
I liked that you failed couple of times and then debugged your own code. That actually showed some common mistakes that can be made and should be avoided!
@Ashotofcode2 жыл бұрын
Cool thanks Tedis 😀
@maspoetry13 жыл бұрын
i merge to the crowd, great video. thanks. I like when you solve the problems in real time, without editing.
@Ashotofcode3 жыл бұрын
No problem!
@Hamza_lachgarАй бұрын
Thanks for this amazing tutorial. it clarifies my knowledge about CORS
@ArijeetSarkar73 жыл бұрын
It helped me understand what is CORS and I solved a real world problem. The problem was the origin doesn't support any headers and I was sending one. After I removed, it started working.
@Ashotofcode3 жыл бұрын
Excellent, glad it helped Arijeet :-)
@tajsec4983 жыл бұрын
whole day I was struggling with this :)) your explanation was clearrr, thanksss
@Ashotofcode3 жыл бұрын
Glad it helped! :-)
@mujthabahassan76144 жыл бұрын
Thanks a lot, I was scratching my head a lot over this but you explained it briefly yet comprehensively
@Ashotofcode4 жыл бұрын
Hi Mujthaba, glad it was helpful 😀
@suryakiran22074 жыл бұрын
More simplified, thanks a lot for great explanation.
@micahnewsum36673 жыл бұрын
Props to this guy for live coding.
@Ashotofcode3 жыл бұрын
Thanks Micah :-)
@dhruvpatel69374 ай бұрын
Very clear explanation, thank you kind sir!
@Ashotofcode4 ай бұрын
Welcome :-) Cheers Mark
@YosepRA3 жыл бұрын
So it's all about the back-end setting up CORS headers, and the browser will try to find these headers to determine whether there's CORS violation or not.
@Ashotofcode3 жыл бұрын
Yep that's a good summary I'd say😀
@joespinelli36044 жыл бұрын
Awesome stuff! Thanks for being so clear and the example was very easy to follow:)
@wesleygomes4154 Жыл бұрын
man, thanks a lot for sharing this knowledge. You made this topic very clear to me now!
@MrParanos3 жыл бұрын
Very clear and useful, yet there is still something my mind can't put hand on : in what are CORS useful ? Regarding how easy it is to go arount it... :/
@Ashotofcode3 жыл бұрын
CORS is actually more about relaxing the existing security, so by default only requests from your own site can be made, which is the same-origin policy. With CORS we can allow other sites to access also. So one good scenario is when our API is on a different domain to our website - in this case CORS will allows us to let the website access our API - as otherwise will be blocked by the same origin policy. Another case is simply a public API and we want to allows anyone to call it, say a weather api, by default it is restricted to just the domain it runs under, so we add CORS to relax this security and allow anyone to call it. So CORS itself is not something to get around - that is the same origin policy - which is pretty locked down in browsers. Cheers Mark
@user-ii5lr1td8hАй бұрын
Watched once subscribed twice.
@anishamalynur77484 жыл бұрын
hey quick question one of the options to fix the error was "If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled." could you explain this?
@Ashotofcode4 жыл бұрын
Hi Anisha, good question, this would be if you simply wanted to check that the service existed, in that it returns a success code, but without any data. I'm not sure when this would be useful, but there are cases I guess. Cheers Mark
@dartme183 жыл бұрын
kzbin.info/www/bejne/pnW4kJ2keZeLpqc ; different Anisha I assume :-P
@jessandgary5940 Жыл бұрын
Finally, i get it! Thanks.
@Ashotofcode Жыл бұрын
Glad it helped! Cheers Mark 🙂
@jig457611 ай бұрын
Awesome video
@Ashotofcode10 ай бұрын
Thanks! Cheers Mark 🙂
@nyplace1 Жыл бұрын
phenomenal explanation!
@jamesscott-nicholson38083 жыл бұрын
Thanks for the video, that's cleared it up for me nicely :). If CORS is something only handled by the browser, I suppose that makes it a fairly weak piece of security. Could a browser / extension be made that simply ignores CORS or injects in the necessary header?
@Ashotofcode3 жыл бұрын
Thanks James, I'm not really up on the capabitilites of extensions, but they have full control so would think they would be able cause problems here yes. Cheers Mark
@abhijithk13973 жыл бұрын
yes, you can find extensions in chrome store that disable CORS
@giorgidzidziguri61011 ай бұрын
best tutorial out there
@Ashotofcode11 ай бұрын
Thanks!
@michi199357 ай бұрын
One question - maybe anyone knows: Why can i not log out the json response one the first .then method?
@shivarammuthukumaraswamy71643 жыл бұрын
wonderfully explained.TYSM
@Ashotofcode3 жыл бұрын
Glad it was helpful Shivaram! Cheers Mark :-)
@BB8550364 жыл бұрын
Great explanation. Thanks!
@Ashotofcode4 жыл бұрын
You're welcome!
@sabithapoladi56204 жыл бұрын
very good explanation
@ninjarogue3 жыл бұрын
Thank you!!! I really appreciate the video!
@Ashotofcode3 жыл бұрын
Glad it was helpful Aric :-)
@balapraneeth97084 жыл бұрын
Great video. Helped a lot. Thanks mate :)
@Ashotofcode4 жыл бұрын
Glad it helped :-)
@WolfgangPedain Жыл бұрын
well done
@Ashotofcode Жыл бұрын
Thanks :-)
@saqlainmushrif6453 Жыл бұрын
Can cors be exploited if some token is in URL?? (GET METHOD) Arbitrary origin is reflected in response with ACAO & ACAC but the token is in URL
@ttoktassynov3 жыл бұрын
well explained! thanks
@Ashotofcode3 жыл бұрын
Glad you liked it Timur :-)
@CryptoJitsu3 жыл бұрын
Great vid, thank you! QUESTION: When the API does not send back the response header [access-control-allow-origins]... I'm assuming it's still sending back the data in the response body... because the decision to show or not is being done by the receiving browser. This seems insecure and dangerous and something a hacker could get around, no?
@Ashotofcode3 жыл бұрын
Thanks! Good question - Yes I think you are correct in that the data will be returned - the browsers are pretty solid though so I would think safe - this takes place internally in the browser so not something you can attack with Javascript really. Cheers Mark
@CryptoJitsu3 жыл бұрын
@@Ashotofcode thanks!
@smashed58264 жыл бұрын
The explanation was not deep enough, in this video you just explianed CORS is browser security policy stuff and seeing you tried it out for direct access on browser and via ajax call. It could be deeper to explain why browser needs this; what kind of attacks could be implemented if no this security policy on browser; What headers needs to be added to allow browser calls a cors resource, different browsers or same browser with different versions treat different headers to allow CORS; server side API header settings to control the access the resource in different scenarios etc.
@thisurathenuka83623 жыл бұрын
Nice explanation ❤
@Ashotofcode3 жыл бұрын
Glad you liked it Thisura :-)
@unknownqweasd3 жыл бұрын
it was very helpfull, thank you!
@Ashotofcode3 жыл бұрын
Glad it was helpful! Cheers Mark
@mineralisk4 жыл бұрын
Thanks for making the video
@ashwinisidhu4 жыл бұрын
shot & easy. Thanks
@iQCudi3 жыл бұрын
amazing
@Ashotofcode3 жыл бұрын
Thank you! Cheers!
@louisecrowe49683 жыл бұрын
Thanks great video :)
@Ashotofcode3 жыл бұрын
Glad you liked it Louise. Cheers Mark :-)
@ganeshk86823 жыл бұрын
Thanks..
@Ashotofcode3 жыл бұрын
Welcome
@arfan85444 жыл бұрын
Thank You very much. 🤘
@Ashotofcode4 жыл бұрын
Thanks SM, glad it was useful 😀
@jagadeeshg37564 жыл бұрын
WoW, Thank you so much!
@ameyapatil11394 жыл бұрын
Excellent ! Thanks !
@erdemarslan33713 жыл бұрын
thx very clear!!
@Ashotofcode3 жыл бұрын
Thanks Erdem :-) glad it was useful.
@ValentinTruta3 жыл бұрын
Arrow functions return by default if code is on the same line.
@Ashotofcode3 жыл бұрын
Nice thanks Valetin!
@daminduliyanage3 жыл бұрын
Thank You 👍🏻👍🏻
@JulienReszka3 жыл бұрын
audio is very low volume, I wish it wasn't that low
@tonyj44354 жыл бұрын
Thanks bro
@Ashotofcode4 жыл бұрын
Welcome 😎
@addtyu61763 жыл бұрын
I closed the video immediately after seeing Microsoft Edge being used....
@Ashotofcode3 жыл бұрын
lol fair play :-)
@trumbaron Жыл бұрын
Confusing for me...
@dartme183 жыл бұрын
RIP, SWAPI
@Ashotofcode3 жыл бұрын
D'oh yep it has died!
@dartme183 жыл бұрын
@@Ashotofcode Someone posted a duplicate pretty quickly after SWAPI died (that was six months ago I think?). Our company used SWAPI for interview exercises, so we were happy to see the replacement!
@Ashotofcode3 жыл бұрын
@@dartme18 Ah yes, swapi.dev, cool thanks!
@Derekbylck3 жыл бұрын
=> return
@Ashotofcode3 жыл бұрын
Ah yes that one gets me a lot! thanks
@aravind44443 жыл бұрын
please explain with diagram
@ronaldlogan35253 жыл бұрын
very poorly explained, uses tools people may not be familiar with, the actual subject is almost ignored