I am trying to find out why many developers disable CORS by default in their REST API offerings. Is security the main concern? From the W3C wiki article on CORS support, it looks like it is fairly simple to add CORS support (add an Access-Control-Allow-Origin header with the value ‘*’ on the server).
I recently ran into issues when trying to write a simple JavaScript-only app to access Azure tables and other REST APIs like the ones from Panoptix and ProductWIKI. They had some great REST APIs but wouldn’t allow CORS. Azure tables in particular has a stringent authentication process associated with its REST API calls, and in spite of that it wouldn’t allow CORS (at least for the moment).
I would like to hear from developers and admins of RESTful APIs on their reasoning behind enabling/disabling CORS for their API offerings. Is security/traffic/compatibility the main concern, or is there anything more to it?
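As an added example (not code from the question, and not from Azure, Panoptix or ProductWIKI): a small Node.js function that computes the CORS response headers an API would send for a browser request, once under an origin allowlist with credentials and once under the `Access-Control-Allow-Origin: *` setting the W3C wiki describes. The two policies, the origins in them and the helper name `corsHeaders` are assumptions made for illustration; the request objects are constructed inline, so nothing here touches the network.

```javascript
// Added example, not from the original post. Plain Node.js, no dependencies.
// Requests are constructed objects shaped like Node's http.IncomingMessage
// (method string plus a headers object with lowercase keys).

// Assumed allowlist policy: one partner origin, credentials allowed.
const allowlistPolicy = {
  allowedOrigins: new Set(["https://app.example.com"]), // assumed partner site
  allowCredentials: true,                               // cookies / Authorization
  allowedMethods: ["GET", "POST", "PUT", "DELETE"],
  allowedHeaders: ["authorization", "content-type"],
  maxAgeSeconds: 600,
};

// The "Access-Control-Allow-Origin: *" setting from the question. Suitable for
// public, unauthenticated data only: browsers refuse to combine "*" with
// credentials, so a credentialed API cannot simply switch this on.
const publicPolicy = {
  allowedOrigins: "*",
  allowCredentials: false,
  allowedMethods: ["GET"],
  allowedHeaders: [],
  maxAgeSeconds: 600,
};

// Returns { allowed, preflight, headers } for the given request and policy.
function corsHeaders(req, policy) {
  const headers = {};
  const origin = req.headers["origin"];

  // No Origin header: same-origin page or a non-browser client (curl, server
  // code). CORS does not apply, the request is handled as usual.
  if (origin === undefined) {
    return { allowed: true, preflight: false, headers };
  }

  const isPreflight =
    req.method === "OPTIONS" &&
    req.headers["access-control-request-method"] !== undefined;

  if (policy.allowedOrigins === "*") {
    headers["Access-Control-Allow-Origin"] = "*";
  } else if (policy.allowedOrigins.has(origin)) {
    // Echo only an origin that is on the allowlist, never whatever the client
    // sent: reflecting any Origin together with Allow-Credentials would let
    // every site on the web read this user's authenticated responses.
    headers["Access-Control-Allow-Origin"] = origin;
    headers["Vary"] = "Origin"; // response differs per origin; keep caches honest
    if (policy.allowCredentials) {
      headers["Access-Control-Allow-Credentials"] = "true";
    }
  } else {
    // Disallowed origin: send no CORS headers. The server may still execute a
    // simple request; the browser only withholds the response from the page.
    // This is why CORS is not a substitute for authenticating the caller.
    headers["Vary"] = "Origin";
    return { allowed: false, preflight: isPreflight, headers };
  }

  if (isPreflight) {
    const wantedMethod = req.headers["access-control-request-method"];
    const wantedHeaders = (req.headers["access-control-request-headers"] || "")
      .split(",")
      .map((h) => h.trim().toLowerCase())
      .filter(Boolean);
    const methodOk = policy.allowedMethods.includes(wantedMethod);
    const headersOk = wantedHeaders.every((h) => policy.allowedHeaders.includes(h));
    if (!methodOk || !headersOk) {
      return { allowed: false, preflight: true, headers: {} };
    }
    headers["Access-Control-Allow-Methods"] = policy.allowedMethods.join(", ");
    if (policy.allowedHeaders.length > 0) {
      headers["Access-Control-Allow-Headers"] = policy.allowedHeaders.join(", ");
    }
    headers["Access-Control-Max-Age"] = String(policy.maxAgeSeconds);
  }
  return { allowed: true, preflight: isPreflight, headers };
}

// Constructed sample requests, printed for a quick look.
function demo() {
  const samples = [
    ["allowlisted GET", { method: "GET", headers: { origin: "https://app.example.com" } }, allowlistPolicy],
    ["preflight PUT", { method: "OPTIONS", headers: {
      origin: "https://app.example.com",
      "access-control-request-method": "PUT",
      "access-control-request-headers": "Authorization, Content-Type" } }, allowlistPolicy],
    ["unknown origin", { method: "GET", headers: { origin: "https://other.example.net" } }, allowlistPolicy],
    ["public wildcard", { method: "GET", headers: { origin: "https://other.example.net" } }, publicPolicy],
  ];
  for (const [label, req, policy] of samples) {
    console.log(label, JSON.stringify(corsHeaders(req, policy)));
  }
}
demo();
```

Two caveats a practitioner should keep in mind when reading the output: the wildcard answer from the W3C wiki only opens the API to read access from any page, and the browser will not attach cookies or honour `Access-Control-Allow-Credentials` with it, so an authenticated API has to name origins explicitly; and none of these headers stop the request from reaching the server, they only control whether the browser lets the calling page read the response, so the API's own authentication still has to hold for every caller.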
When I make Web services I leave off CORS because it is the default setting, and only add it if the project requires public browser access to our services. Why the same-origin policy is the default is a different question. I’ve never seen the advantage in disallowing Ajax access from other domains.