Security Intermediate

What is CORS (Cross-Origin Resource Sharing)?

A browser security mechanism that controls which web domains can access resources from another domain via HTTP requests.

CORS extends the same-origin policy to allow controlled cross-domain requests. The server uses HTTP headers (Access-Control-Allow-Origin, Access-Control-Allow-Methods) to specify which origins can access its resources.

Preflight requests (OPTIONS method) check permissions before actual requests for certain request types. CORS issues are common during development when frontend and backend run on different ports. Proper CORS configuration balances security with functionality.
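
An added example (not from the original page): one way a server could apply the headers and preflight check described above, using an exact-match origin allowlist that includes a development frontend on a different port. The names `POLICY` and `corsDecision` and the sample origins are assumptions made for illustration.

```javascript
// Hypothetical policy: exact-match origins only, never "*" or substring checks.
const POLICY = {
  origins: new Set(["https://app.example.com", "http://localhost:3000"]), // second entry: dev frontend port
  methods: ["GET", "POST", "PUT"],
  headers: ["content-type", "authorization"],
};

// reqHeaders uses lower-case keys. Returns { status, headers }:
// status 204/403 answers a preflight; null means "pass to the normal handler".
// A response without Access-Control-Allow-Origin is not exposed to the calling page.
function corsDecision(method, reqHeaders, policy = POLICY) {
  const headers = { Vary: "Origin" }; // caches must not reuse one origin's answer for another
  const origin = reqHeaders["origin"];
  if (!origin) return { status: null, headers }; // not a cross-origin browser request

  const wanted = reqHeaders["access-control-request-method"];
  const isPreflight = method === "OPTIONS" && wanted !== undefined;
  if (!policy.origins.has(origin)) {
    return { status: isPreflight ? 403 : null, headers };
  }
  if (!isPreflight) {
    headers["Access-Control-Allow-Origin"] = origin; // echo only allowlisted values
    return { status: null, headers };
  }

  // Preflight: check the method and headers the actual request will use.
  const wantedHeaders = (reqHeaders["access-control-request-headers"] || "")
    .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
  const ok = policy.methods.includes(wanted) &&
    wantedHeaders.every((h) => policy.headers.includes(h));
  if (!ok) return { status: 403, headers };

  headers["Access-Control-Allow-Origin"] = origin;
  headers["Access-Control-Allow-Methods"] = policy.methods.join(", ");
  headers["Access-Control-Allow-Headers"] = policy.headers.join(", ");
  return { status: 204, headers };
}

// Constructed sample: the preflight a browser sends before a JSON PUT from the dev frontend.
const demo = corsDecision("OPTIONS", {
  origin: "http://localhost:3000",
  "access-control-request-method": "PUT",
  "access-control-request-headers": "Content-Type",
});
console.log(demo.status, demo.headers);
```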

Related Terms

PKI (Public Key Infrastructure)
A framework of policies, hardware, and software for creating, managing, distributing, and revoking digital certificates.
SIEM (Security Information and Event Management)
A platform that collects, correlates, and analyzes security events from across an organization to detect threats and incidents.
XSS (Cross-Site Scripting)
An attack that injects malicious scripts into web pages viewed by other users, potentially stealing data or session tokens.
Phishing
A social engineering attack that uses fraudulent communications to trick people into revealing sensitive information or installing malware.
Rate Limiting
A technique that controls the number of requests a client can make to a server within a specified time period.
API Security
Practices and mechanisms for protecting APIs from unauthorized access, data breaches, and abuse.