If you are working with WebAPIs, you inevitably will have to deal with CORS. This is a good read for the uninitiated. I won't go into the specifics of how browsers issue, and servers handle (or should handle) CORS, but at a high level, the following sequence of events occur when you need to update/create a resource from a domain other than the one your app originates from. Client web app from domain "foo.com" issues a POST/PUT/PATCH to a resource on domain "bar.com" The browser needs to know whether ......