CORS (Cross-Origin Resource Sharing) and SOP (Same-Origin Policy) are server-side configurations that clients decide to enforce or not.
Related to clients
- Most Browsers do enforce it to prevent issues related to
CSRFattack. - Most Development tools don’t care about it.