Cross-Origin Resource Sharing (CORS) Lab

Attempting to read data from https://webapp.kr-rezvan.ir/api/secret-data which does NOT have CORS headers allowing this domain.

Test 1: Standard Fetch

Standard cross-origin request. Browser will enforce Same-Origin Policy.

Test 2: No-CORS Mode

Forces request using mode: 'no-cors'. Network request happens, but JS cannot see data.

Browser Console Output 

        

    


    
    
        🏠 Back to Lab Directory