To bypass this restriction, Postman sends this request to its proxy server () which then forwards the request to the intended endpoint. Therefore the browser will throw a CORS error if Postman tries to directly send this request. The origin or the referrer of the request and the request URL both are on different domains. That means requests are sent from the above URL to our Requestly Mock endpoints. In our case, the referrer in the requests represents the domain from which the request is sent which is of the form "" Visually here’s what CORS is to help you understand better:
If the domains do not match, the browser blocks the request and throws a CORS error. So when a request is made through Postman, it is intercepted by the browser, which checks whether the domain that the request is being made to is the same as the one from which the request originated.
This security check is in place to prevent malicious scripts from performing actions on behalf of the user without their knowledge. CORS is a security feature implemented in web browsers that prevent web pages from making requests to a different domain than the one that the page originated from. The reason why Postman can't send an HTTP request directly to the endpoint that you want to test is due to the Cross-Origin Resource Sharing (CORS) mechanism implemented by web browsers. Consequently, any request made through Postman web must pass through the browser first. The answer lies in the fact that all requests go through Postman's web application via the browser. Why can’t Postman directly send an HTTP request to the endpoint we want to test directly? But it’s finally time to address the elephant in the room. It was fun inspecting the network tab and trying to make sense of what’s happening under the hood when you send a GET and POST request with Postman. Why does Postman send requests to their own Server? Looks like a POST request is more or less straightforward to understand once you’ve managed to decode a GET request. Once installed, head over to Requestly's Mock Server and click on Create new mock API. We’ll then inspect the network tab in the chrome dev tools to figure out how Postman communicates with the actual API endpoint that we test.įirst, let’s quickly set up a mock server with Requestly - an open source browser extension that fast tracks your web debugging process. We’ll work with two simple requests today - a GET request and a POST request. If you’ve ever used Postman before, this should appear familiar. We'll then analyze the behaviour of Postman using the network tab of our browser's DevTools, allowing us to deconstruct the application's operations. To do this, we'll use Requestly Mock Server to create a couple of dummy API endpoints. We will delve into the inner workings of Postman's web application and explore what transpires when you use it to test your HTTP requests. In this article, we will learn how Postman Web works and HoppScotch indeed works very similarly. However, after the success of the HoppScotch Open Source Web-based Rest API client, Postman also launched their web-based API client.īut have you ever contemplated how Postman operates behind the scenes? Fortunately, debugging web applications today is a breeze, as the comprehensive Chrome DevTools enable you to deconstruct any application on the web. It started with a Chrome extension which later got deprecated, so they moved into the desktop app. Postman is an exceptionally well-regarded REST API client that developers rely on to construct and evaluate their APIs.
0 kommentar(er)
