I finally understand CORS. Thank you for this great series!

Although I appreciate the series, this specific video contains some misleading statements: - At 2:54, "CORS is blocking [...]". Don't conflate the Same-Origin Policy (SOP) and CORS. The latter is only meant to relax the former's restrictions. As such, CORS isn't blocking anything; the SOP is. - From 4:28 onwards, Nic explains that CORS acts a defence against CSRF attacks. That is not the case. In fact, activating CORS may open the door to more cross-origin attacks than would otherwise be possible. - At 5:55, Nic implies that a preflight request is unconditionally issued whenever the client attempts to send a cross-origin request. That's incorrect; some requests, colloquially known as 'simple', do not give rise to preflight requests.

You are a treasure! Thank you for your work!

ultimate thanks man now my bug fixed

Struggled with CORS in a node app I worked on. Got a lightbulb when you said allowed origins must be set on the backend.

Good explanation and nice example of gorilla. I had this exact problem some months ago and wish I'd discovered this video back then, would have saved me some lost hair!

thank you very much, amazing tutorial

Hi Nic, thank you for this. Even though I've been using go for a while now, there have been some nice hints in this series. The question I have is if CORS is still a problem if you serve the React site from within go? For example, the site is returned from /index.html and your service is on /api/products.

hi nic~ What is the syntax of ch(sm) on line 61? Why can it be wrapped in parentheses

The same error with POST requests. Looks like in Validate functions at middleware.

Thanks man

Someone misclicked the like button