Access-Allow-Control-Origin does not restrict access from other domains

0

I'm creating an Api with Nodejs , where I set up the application header for Cross-Origin Resource Sharing to work properly.

app.use(function (req, res, next) {
    res.header("Access-Control-Allow-Origin", "http://localhost:3000");
    res.header("Access-Control-Allow-Headers", "Content-Type");
    res.header("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");
    res.header('Access-Control-Allow-Credentials', true);
    next();
});

Where in the code I restrict access only to localhost: 3000 can access the resources. res.header("Access-Control-Allow-Origin", "http://localhost:3000");

But even leaving only restricted access to one application, I can access the features of this Api from any Domain. What is the problem with Access-Control-Allow-Origin that does not work?

    
asked by anonymous 10.12.2018 / 18:41

0 answers