No Content being Loaded in Single-Page Web Application

A single-page web application was being served by a web server and was supposed to interact with another web server to load content like posts, comments and ratings. Although the web application could be loaded and the overall structure was visible, no content was being displayed. Looking at the console with Firefox's inspector tool revealed that the request to the other web server, an API proxy, was blocked by Firefox because the request was cross-origin and the other web server did not explicitly allow such a request. The initial solution was to allow any cross-origin requests by adding a `Access-Control-Allow-Origin` header with `*` (any origin) to any responses of the API proxy. This solved the problem but was not ideal. The better solution would have been proxying the web application through the API proxy too, so that the default – same-origin policy – would apply again.
2 answers