Do I need to enable CORS when my API is on a subdomain of my main website?

I have a RESTful api sitting at a subdomain of my website, so it is setup like below:

api.blah.com - RESTful api
blah.com - Website

When I try to do HTTP requests though, I get the following error:

No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin '(index)' is therefore not allowed access.

I thought that because it was on the same domain, this should work, do I need to enable CORS or is there something else I need to do?

The API is built on ASP.Net Web API, and website is AngularJS based.

Thanks

Solution

Yes you have to enable it. You have to send CORS allow headers from server side to your browser. This is because a subdomain is a different origin. You probably have to allow HTTP methods like PUT, DELETE, OPTIONS as well. At least I guess angular sends that kind of requests too. You have to handle preflight requests (OPTIONS) by these new methods.

file_get_contents(): SSL operation failed with code 1, Failed to enable crypto
GraphQL readiness for .net development
REST API - Handling an empty body in PATCH
How can i get data from custom post type using WP REST API
Implementing custom methods of Spring Data repository and exposing them through REST
How do I submit requests to REST api in batches in SpringBoot?
increase python REST requests efficiancy
RestClientException: Could not extract response. no suitable HttpMessageConverter found
What is the real difference between an API and an microservice?
No connection could be made because the target machine actively refused it 127.0.0.1:3446
Which is better for Dynamic querying String Builder or string buffer?
Log REST-requests to file with unique request-id
HTTP method names: upper or lower case?
REST. Make order request
Correct use of files.getUploadURLExternal in Curl command line
Detect client connection drop using Jersey/Java
How to control exception while developing RESTful API with Java?
Django REST Framework Login
api platform - Unable to generate an IRI for the item
TripAdvisor is adding -mapper to my API key
How can I make Laravel return a custom error for a JSON REST API
Spark Send DataFrame as body of HTTP Post request
Use $batch to bulk break SharePoint List items permission inheritance
GET request not supported in custom API in Business Central. "BadRequest_MethodNotAllowed"
Hyphen, underscore, or camelCase as word delimiter in URIs?
Should I use Singular or Plural name convention for REST resources?
RESTful resources: Plural vs. singular when a resource is always singular in the database
Customize Global Exception Handler in java Spring Boot
Custom @ControllerAdvice in Spring for exception handling
How to handle MethodArgumentTypeMismatchException and set a custom error message in spring boot?