Do I need to enable CORS when my API is on a subdomain of my main website?

I have a RESTful api sitting at a subdomain of my website, so it is setup like below:

api.blah.com - RESTful api
blah.com - Website

When I try to do HTTP requests though, I get the following error:

No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin '(index)' is therefore not allowed access.

I thought that because it was on the same domain, this should work, do I need to enable CORS or is there something else I need to do?

The API is built on ASP.Net Web API, and website is AngularJS based.

Thanks

Solution

Yes you have to enable it. You have to send CORS allow headers from server side to your browser. This is because a subdomain is a different origin. You probably have to allow HTTP methods like PUT, DELETE, OPTIONS as well. At least I guess angular sends that kind of requests too. You have to handle preflight requests (OPTIONS) by these new methods.

Supporting multiple languages in a REST API
RestClientException: Could not extract response. no suitable HttpMessageConverter found
C# .NET Implement DHL API Tracking
What Exception class type does Spring Boot throw when the user tries to access a REST endpoint whose path does not exist at the @RestController?
How to modify default spring boot not found url exception with custom message
Return string type from Spring Boot to Angular
TypeORM: update item and return it
REST collections, good practice to do: GET api/CollectionA/<collection id>/CollectionB?
what status code to throw when there is a concurrency error?
ERROR: insert or update on table "promos" violates foreign key constraint "fk_businesses_promos"
HTTP method names: upper or lower case?
Jersey message body reader not found in maven-built JAR
ConvertFrom-Json : Cannot convert the JSON string because a dictionary that was converted from the string contains the duplicated keys
Best practice to return errors in ASP.NET Web API
How to get progress of file upload in percentage
How to configure JSON deserialization options in .NET minimal API project
XML Serializer not creating attributes
CORS error while consuming calling REST API with React
How to upload Multiple Images to rest API in Flutter?
Customize laravel sanctum unauthorize response
Error 415 when trying to merge PDFs by stirlingpdf.io with python
Laravel Api Help, Im getting a Null result when using json data from Site A using Site B Controller
Is HTTP status 202 appropriate for account creation, while waiting for a confirmation code?
How to make a large file accessible to external APIs?
HTTP Response code for "Please wait a little bit"
Why is requests (or urllib3) continuing to throw Timeout Value errors even though i did not change them?
How does middleware work in chi routing in Go and what does http.Handler argument refers to in middleware?
Unhandled Exception: type 'Null' is not a subtype of type 'Map<String, dynamic>'
How set Response body in javax.ws.rs.core.Response
How do I filter data in a restful way using Spring?