I am making two HTTP GET requests to my (server) webservice in Java from a PHP website I am developing currently. I use the same function for making the GET requests. Server rejects one request & returns null as response while it accepts the other one & returns the correct response. Both these GET requests when tried from Google Chrome's extension POSTMAN returns correct response. Why is server acting so weird like this?? For the request that server rejected, it says No 'Access-Control-Allow-Origin' header is present on the requested resource. Why is it so??? So, this means for the request that the server accepted, this particular header is present. I am confused.
The Access-Control-Allow-Origin is some kind of security-header sent by the server to prevent your server being called by random other servers but all processing of these headers is left to the client side. This means that your client-library (your webbrowser for example) checks if the domain currently visited is present in the Access-Control-Allow-Origin-Header. POSTMAN bypasses these checks (since it cannot currently visit any domain) and therefore always returns the response.
What you should check to prevent this issue from happening is that you always include the client-side-domain in Access-Control-Allow-Origin (or simply use * to allow all origins). Make sure to also include it in OPTIONS requests since they are often sent prior to POST or PUT requests. If your requests are just failing on a certain HTTP-Method make sure to also set the Access-Control-Allow-Methods-Header to include all required HTTP-Methods (or simply use *)
Since POSTMAN always accepts your request it’s a good tool to check if these headers are included in the response. If not, simply add them and you should be fine.