Our team was developing an android application using the ionic framework in angular js. We use the laravel framework in php for backend. In laravel, we use the passport package to provide API for the Front end team(Ionic Team).
When we try this every link is showing like
Cross-Origin Read Blocking (CORB) blocked cross-origin response http://example.com with MIME type application/json. See https://www.chromestatus.com/feature/5629709824032768 for more details.
When we tried in POSTMAN application, yeah it works very well.
I have two questions,
One is how its work in postman and does not work when we preview the ionic app in Chrome or Firefox?
The second one is we searched and got a solution to add the header
Is allowing this access is good practice? Would it do any harm in the future?(I am asking this question because someone already hacked my dummy sites database, which was completely the same practices)