I set up cors in azure storage (URL-for example: www.abc.com, GET, * , *, 200)
Then i just copy the link from storage
And use it on postman or localhost (web), but still can display pictures, is it normal?
I suppose postman and localhost website will not be able to get images, once cors is set up for azure storage.
CORS prevents cross domain requests that are usually send by AJAX requests. If such a request is send from your browser it will perform a preflight request to see if your current domain is allowed to make such a request. As example it would prevent this site from sending a POST
request in the background to api.<yourbank>.com
to transfer money.
It won't stop anybody from embedding an image or other file on their website as the browser won't perform such a preflight request unless they call the resource through an AJAX request. Likewise Postman won't do that as it's a testing tool where you explicitely define the request you want to send without being on another 'domain'.