Hello, I found an article on (JSON Web Token Introduction - jwt.io) website about JWT, cookies, and Authorization.
However, it states, “If the token is sent in the Authorization header, Cross-Origin Resource Sharing (CORS) won’t be an issue as it doesn’t use cookies.” This made me wonder why cookies exacerbate CORS issues.
I did some research on Google, and from what I understand, if the server (like in Spring) does not set setAllowCredentials(true), CORS issues may arise, thus using the Authorization header to pass the JWT might avoid these CORS problems.
In website statement, “If the token is sent in the Authorization header, Cross-Origin Resource Sharing (CORS) won’t be an issue as it doesn’t use cookies,” does it imply that using cookies leads to CORS issues because of the need to set setAllowCredentials(true)?