Who should be responsible for handling CORS issues?

Question

I am developing a Laravel based GraphQL API for mobile and web applications. One of the front-end developers asked me to disable CORS on the server side because he can't use the API due to CORS issues. His Vue app on localhost is making requests to my test API, which is at a URL.

As far as I understand, this is not a problem on the server side, CORS is a security measure for the server. I believe, for development, the Vue developer needs to solve this problem by adding a proxy on his localhost.

Answer 1

Both of you are responsible for completing this application, blaming each other will not solve the problem. This is not a technical issue.

Adding a proxy to the front-end development environment is one way to solve this problem. Another way is to whitelist the domain they are working on, or even add wildcards as the front-end developers suggest. CORS is a security feature, but is meaningless for a development environment that does not contain any production data. Being able to get your development environment up and running without too much hassle helps increase productivity.

work together. Your responsibility is to create an application, and without a front-end, you cannot complete the task of delivering the application.