
Security Intermediate

What is CORS (Cross-Origin Resource Sharing)?

A browser security mechanism that controls which web domains can access resources from another domain via HTTP requests.

CORS extends the same-origin policy by letting a server opt in to controlled cross-domain requests. The server uses HTTP response headers (Access-Control-Allow-Origin, Access-Control-Allow-Methods) to specify which origins can access its resources.

For certain request types, the browser sends a preflight request (OPTIONS method) to check permissions before the actual request. CORS issues are common during development, when the frontend and backend run on different ports. Proper CORS configuration balances security with functionality.
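
How a server can apply these headers, as an added example that is not code from this page: a function that decides the CORS response headers for a request against an exact-match origin allowlist and answers preflights. The origins, method list, header list and sample requests are constructed assumptions.

```javascript
// Added example. The allowlists and sample requests below are constructed.
const ALLOWED_ORIGINS = new Set(["https://app.example.com", "http://localhost:3000"]);
const ALLOWED_METHODS = ["GET", "POST", "PUT"];
const ALLOWED_HEADERS = ["content-type", "authorization"];

// Decide the CORS part of a response. req = { method, headers } with
// lower-cased header names. status is null when the normal handler should run.
function corsDecision(req) {
  const origin = req.headers["origin"];
  const headers = { Vary: "Origin" }; // response differs per Origin, so caches must key on it
  // No Origin header, or an origin that is not an exact allowlist match:
  // emit no Access-Control-Allow-Origin and the browser refuses the read.
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return { status: null, headers };

  const wanted = req.headers["access-control-request-method"];
  const isPreflight = req.method === "OPTIONS" && wanted !== undefined;
  if (!isPreflight) {
    headers["Access-Control-Allow-Origin"] = origin;
    return { status: null, headers };
  }
  // Preflight: check the method and headers the real request intends to use.
  const wantedHeaders = (req.headers["access-control-request-headers"] || "")
    .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
  const permitted = ALLOWED_METHODS.includes(wanted) &&
    wantedHeaders.every((h) => ALLOWED_HEADERS.includes(h));
  if (!permitted) return { status: 403, headers };

  headers["Access-Control-Allow-Origin"] = origin;
  headers["Access-Control-Allow-Methods"] = ALLOWED_METHODS.join(", ");
  headers["Access-Control-Allow-Headers"] = ALLOWED_HEADERS.join(", ");
  return { status: 204, headers };
}

// Constructed requests: dev frontend on another port, a look-alike origin, two preflights.
const samples = [
  { method: "GET", headers: { origin: "http://localhost:3000" } },
  { method: "GET", headers: { origin: "https://app.example.com.other.test" } },
  { method: "OPTIONS", headers: { origin: "https://app.example.com",
      "access-control-request-method": "PUT",
      "access-control-request-headers": "Content-Type" } },
  { method: "OPTIONS", headers: { origin: "https://app.example.com",
      "access-control-request-method": "DELETE" } },
];
for (const req of samples) console.log(req.method, JSON.stringify(corsDecision(req)));
```

The look-alike origin gets no Access-Control-Allow-Origin because the allowlist is compared as a whole string rather than by prefix or suffix.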

Related Terms

OAuth 2.0
An authorization framework that allows third-party applications to access user resources without sharing passwords.
API Security
Practices and mechanisms for protecting APIs from unauthorized access, data breaches, and abuse.
DAST (Dynamic Application Security Testing)
Testing a running application from the outside by sending malicious requests to discover security vulnerabilities.
DDoS (Distributed Denial of Service)
An attack that floods a target server or network with traffic from multiple sources to overwhelm it and deny service to legitimate users.
Firewall Rules
Configuration entries that define which network traffic is allowed or blocked based on source, destination, port, and protocol.
Man-in-the-Middle Attack
An attack where the attacker secretly intercepts and potentially alters communication between two parties who believe they are communicating directly.