
Security Intermediate

What is CORS (Cross-Origin Resource Sharing)?

A browser security mechanism that controls which web domains can access resources from another domain via HTTP requests.

CORS extends the same-origin policy to allow controlled cross-domain requests. The server uses HTTP headers (Access-Control-Allow-Origin, Access-Control-Allow-Methods) to specify which origins can access its resources.

Preflight requests (OPTIONS method) check permissions before actual requests for certain request types. CORS issues are common during development when frontend and backend run on different ports. Proper CORS configuration balances security with functionality.
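
The header exchange described above, as an added example that is not part of the original page: a server-side function that decides which CORS headers to return for a normal request and for a preflight. POLICY, corsHeaders and the sample origins are hypothetical names and constructed values.

```javascript
// Added example (not from the original page). POLICY and corsHeaders are
// hypothetical names; the origins are constructed sample values.
const POLICY = {
  origins: new Set(["http://localhost:3000", "https://app.example.com"]),
  methods: ["GET", "POST", "PUT"],
  headers: ["content-type", "authorization"],
  maxAge: 600, // seconds a browser may cache the preflight answer
};

// Returns the CORS response headers for one request. When no
// Access-Control-Allow-Origin is returned, the browser blocks the caller.
function corsHeaders(method, reqHeaders, policy = POLICY) {
  const h = {};
  for (const [k, v] of Object.entries(reqHeaders)) h[k.toLowerCase()] = v;
  // Vary: Origin stops shared caches reusing one origin's answer for another.
  const out = { "Vary": "Origin" };
  const origin = h["origin"];
  // Exact match on scheme + host + port; an unlisted Origin is never echoed.
  if (!origin || !policy.origins.has(origin)) return out;

  const wanted = h["access-control-request-method"];
  if (method === "OPTIONS" && wanted) {
    // Preflight: approve only if the method and every header are allowed.
    const asked = (h["access-control-request-headers"] || "")
      .split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);
    const ok = policy.methods.includes(wanted) &&
      asked.every((name) => policy.headers.includes(name));
    if (!ok) return out;
    out["Access-Control-Allow-Methods"] = policy.methods.join(", ");
    out["Access-Control-Allow-Headers"] = policy.headers.join(", ");
    out["Access-Control-Max-Age"] = String(policy.maxAge);
  }
  out["Access-Control-Allow-Origin"] = origin;
  return out;
}

// Constructed requests: a dev frontend on port 3000 calling an API on another port.
const preflight = corsHeaders("OPTIONS", {
  Origin: "http://localhost:3000",
  "Access-Control-Request-Method": "PUT",
  "Access-Control-Request-Headers": "Content-Type, Authorization",
});
const lookalike = corsHeaders("GET", { Origin: "https://app.example.com.evil.test" });
console.log(preflight, lookalike);
```

The lookalike origin gets only Vary: Origin back, because the allowlist is compared as a whole string rather than by prefix or suffix.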

Related Terms

Data Loss Prevention (DLP)
A strategy and set of tools that detect and prevent unauthorized transmission of sensitive data outside an organization.
Secret Management
The practice of securely storing, accessing, and rotating sensitive credentials like API keys, passwords, and certificates.
Two-Factor Authentication (2FA)
A security method requiring two different forms of identification before granting access to an account.
DDoS (Distributed Denial of Service)
An attack that floods a target server or network with traffic from multiple sources to overwhelm it and deny service to legitimate users.
SAST (Static Application Security Testing)
Automated analysis of source code to find security vulnerabilities without executing the application.
Cryptographic Key Management
The practices and procedures for generating, storing, distributing, rotating, and revoking encryption keys securely.