🎁 New User? Get 20% off your first purchase with code NEWUSER20 Β· ⚑ Instant download Β· πŸ”’ Secure checkout Register Now β†’
Menu

Categories

Web Development Intermediate

What is Cross-Origin Resource Sharing (CORS)?

An HTTP mechanism that allows web pages to request resources from a different domain than the one serving the page.

CORS relaxes the browser's Same-Origin Policy to enable controlled cross-domain requests. When JavaScript on domain-a.com fetches from api.domain-b.com, the browser sends an Origin header. The server responds with Access-Control-Allow-Origin specifying permitted origins. Complex requests (PUT, DELETE, custom headers) trigger a preflight OPTIONS request. Key headers include Access-Control-Allow-Methods (permitted HTTP methods), Access-Control-Allow-Headers (permitted request headers), Access-Control-Allow-Credentials (cookies), and Access-Control-Max-Age (preflight cache duration). CORS misconfiguration is a common source of both bugs (blocked requests) and security vulnerabilities (overly permissive origins).

Related Terms

Web Caching Strategies
Techniques for storing copies of web resources at various levels to reduce server load, bandwidth, and response times.
REST (Representational State Transfer)
An architectural style for designing networked applications using standard HTTP methods and stateless communication.
Structured Data (Schema.org)
A standardized vocabulary for marking up web content so search engines can understand and display it as rich results.
Content Negotiation
An HTTP mechanism where client and server agree on the best representation of a resource based on format, language, or encoding preferences.
gRPC
A high-performance RPC framework using Protocol Buffers and HTTP/2 for efficient service-to-service communication.
JSON Schema
A vocabulary for validating the structure and content of JSON data, ensuring API requests and responses conform to expected formats.
View All Web Development Terms β†’