google chrome - CORS issue doesn't occur when using POSTMAN

Question

I have been using POSTMAN for sometime now for sending HTTP requests like GET, POST, PUT for RESTful Webservices. Recently came across a situation, when sending a request to my REST API through browser, I got a message that

No Access Control Allow Origin Header is present on the Requested resource.

The solution was ofcourse to add such an header to the API. However strangely, When I sent the the same request through POSTMAN I was able to get back the response.

So I want to know how is sending a request through POSTMAN different from sending a request through browser.

I went through this question: CORS with POSTMAN, but it really doesn't provide an answer in detail.

Answer 1

From Cross-Origin XMLHttpRequest in Chrome Develop Extensions documentation:

Regular web pages can use the XMLHttpRequest object to send and receive data from remote servers, but they're limited by the same origin policy. Extensions aren't so limited. An extension can talk to remote servers outside of its origin, as long as it first requests cross-origin permissions.

Basically browser extensions have more privileges than web content. In the case of Chrome extensions, there is an option to enable cross-origin access.