You are not logged in.
I have two web applications, each hosted on a different port. Application A sends a request to application B. I expect this request to fail and the console print an error related to CORS. In reality, this request is successful. I don't have this problem on a different machine. I would like to understand how I can fix Firefox so that it enforces this policy.
Offline
What does your web app use as
Access-Control-Allow-Originheader?
Offline
I don't see that header in the response or request.
Here are the request headers.
GET /api/notes HTTP/1.1
Host: localhost:5000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:137.0) Gecko/20100101 Firefox/137.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br, zstd
Origin: http://localhost:5002
Connection: keep-alive
Referer: http://localhost:5002/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cacheHere are the response headers.
HTTP/1.1 200 OK
X-Powered-By: Express
Content-Type: application/json; charset=utf-8
Content-Length: 628
ETag: W/"14d-EewPFSU5tEz/zdlVX+VQ4yewkX8"
Date: Sat, 19 Apr 2025 19:23:16 GMT
Connection: keep-alive
Keep-Alive: timeout=5Offline