Sir your teaching is really great, I have seen lots of videos about this topic on yt but no one can teach you like this ,you are awesome Thank you so much from India

Simply superb. The way you reveal the intracies in such a clear, progressive way is fantastic. I finally understand CORS for the first time. Thank you so much.

Great job, Steve! Explained a complex topic very concisely and professionally! :)

This is excellent. A very difficult topic. Thanks for the hard work that went into this.

You’re truly a life saver! I’ve been searching for a video like this everywhere on the internet!!!

Seriously great video. I've been trying to figure all this out for days and this video was 100% exactly what I needed, really awesome stuff.

Oh my god. You made this SO clear, thank you so much, I was breaking my head around this concept, trying to set things up with AWS. Many MANY thanks, from France, best regards !

Such a clear explanation of everything! Loved it.

I was suffering with cookies and fetch until now. Thank you so much

That's the best CORS explanation ever!! thank you!!!

This channel never disappoints with a true sting

Super insightful, prof! I really appreciate what you have done for me in my career as an engineer! You have really my skills in a way I could only have dreamed of! Blessings!

Saved tons of time! Thanks🙏

You deserve 1 million likes, thanks a lot !

Excellent job, thank you so much.

Wow. This is absolute gold! Thank you so much for doing this! There are so many things to this that I'm going to have to watch this a few times, but that's not your fault. Your explanation is really good. I will take some time to wrap my head around this haha

Great explanations. Thanks.

Absolute great content ! THX :)

easy to understand with you, thank you

That was very helpful, thank you

Excellent video.

I can't express my appreciation

You were right, I keep coming back to this video haha

You cool bro. From Belarus with brother's love

Cannot thank you enough. Going through tens of SO posts, but seeing everything in one place like this helped click it all together.

Thank you!

Thank you !!

I was actually looking for the cookies content. Was stuck in a MERN project and can't able to access the backend cookies 🍪 on to the frontend. Thanks for the video.

damn this shit is a whole lot more convoluted than i ever thought haha And I've been doing web things since 2000s.

Thanks Steve for the video. Do you have video for passing Authorization in header for CORS

my dude steve is the bob ross of programming

great 10x :-)

really great video. Was using req.origin as the "allow-origin" value just for demo? For CSRF protection in production, is that ok? I can't find a proper way to use auth jwt http-only in a public b2c style app because http-only requires credentials: true which requires known origins which for an publicly open app we won't know.. Thanks so much.

Great video! Though I've been having issues setting my cookie in the browser when I have my server deployed on Heroku and my frontend deployed on Netlify. It works on localhost but not in production. Do you happen to have any idea why the cookie is not being set? The cookie is being passed to the response in the Set-Cookie header, but for some reason it is not being set in the response.

Does cors enabled server treat the domain name as cross origin or same origin? I mean the host ip could be considered as 127... and localhost as domain name?

can you please help me im writing a server that sends session cookies (using express session), and a frontend website that makes request to it. It worked fine locally when i set up both the server and the website on different ports and also got the warning sameSite=lax when changed it to localhost. But when i deployed the server and the website, I changed to sameSite to none (as it will be cross site request) and set secure to true but even then I'm not receiving cookies from my response. pls help UPDATE: I tried setting samesite to lax and deployed it again, i got the same warning "samesite=lax should be set to none" and when i set to none, i get no cookie back :(

Hi Steve, I am still a little lost. How can someone use a JWT with cors then? Where else can I store it, if JS cannot access set-cookies?

hello I need help, I have links hls live streaming on these links I have to enable the cors support, because now the view of the live channels, after a minute is blocked, for this I have to enable sharing between the origins can you help me? Taking into account that I cannot access the server so I should bypass the cors, can you help me?

Hi good explanation Brother although my problem has not been fixed, I use react with laravel sanctum for jwt token I think there is a problem with how they handle cors or the axios does not work propery

saved my ass bro

Hey Steve, is this video still up-to-date? I'm working on a project with a very similar scenario... everything was working while on localhost, I read the mozilla documentations and had implemented everything as you have done in this video. However, when deploying it to a remote server and accessing it over https, the browser wont set the cookies from a cors request anymore, not even with a "Secure" attribute set. Now I am reading some comments on stack overflow, stating that browsers "generally refuse to set such third party cookies", which is in complete contradiction to your video and to the explanations on the mozilla doc... what is your opinion to all of this?

But fetch and cors are the same? I use fetch to bring data from an public api to my website without cors

What about set in browser a httpOnly cookie.?

A great video indeed sir, Please help me out here, I have created a rest API using node and express which i hosted at localhost:8080 and it working just fine with postman. Now i created a separate frontend project at localhost:5500 with vanilla js not any framework so i get the CORS error when fetching the api then i updated by backend use the cors and set the desired option and when i sent a request from port 5500 to port 8080 it set the cookie in res headers i mean api send back the token in res but the cookie get set at the api endpoint like i made a fetch a request from localhost:5500 to localhost:8080 and in response i get the json messge but the cookie has been set at the origin localhost:8080 , although i'm still able to access the cookie but why it set on the backend endpoint please help

Thank you. But you did not explain about fetching from a mobile device for example from an iphone. cross site cookies wont be sent. Can you please talk about this?

Doesn't work anymore, right? The warning also said the same around 30 mins in video

Can somebody segment this video?

Was it just me or you guys also noticed that there is an Om 🕉 sound in the background after 15:30 .

Thank you so much for your efforts 🌹🫶🫶 i had one problem that the Cookie Request header will not be sent in Firefox 106.0.5 64bit on ubuntu i will test. it on windows and leave a comment. i think this because 3rd party cookie are blocked by default in firefox