Postman is doing a “server-side” request, this is why it doesn’t contain origin in headers and it doesn’t make a pre-flight request that verifies origin.
Postman is doing a “server-side” request, this is why it doesn’t contain origin in headers and it doesn’t make a pre-flight request that verifies origin.