jQuery Ajax - POST from Localhost Generates No 'Access-Control-Allow-Origin' header

Question

I thought I understood CORS, but there is something I do not understand apparently. I have an app that I am trying to run from localhost. This app needs to POST a request to Azu

Answer 1

Azure Search only allows query operations to be performed via CORS, not management or indexing operations (see MSDN for details on Azure Search support for CORS).

The reason for this is that browser-based clients need access to the api-key, and sharing an admin key (which is necessary for index write operations) is inherently insecure. For scenarios where the data in an index is supposed to be publicly available, publicly disclosing a query key is ok, but you should never hand an admin API key to a browser-based client.