Web Development Intermediate

What is Cross-Origin Resource Sharing (CORS)?

An HTTP mechanism that allows web pages to request resources from a different origin (a different domain, scheme, or port) than the one serving the page.

CORS relaxes the browser's Same-Origin Policy to enable controlled cross-origin requests. When JavaScript on domain-a.com fetches from api.domain-b.com, the browser sends an Origin header. The server responds with Access-Control-Allow-Origin specifying permitted origins. Complex requests (PUT, DELETE, custom headers) trigger a preflight OPTIONS request before the actual request is sent. Key headers include Access-Control-Allow-Methods (permitted HTTP methods), Access-Control-Allow-Headers (permitted request headers), Access-Control-Allow-Credentials (whether credentials such as cookies are allowed), and Access-Control-Max-Age (preflight cache duration). CORS misconfiguration is a common source of both bugs (blocked requests) and security vulnerabilities (overly permissive origins).
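The header exchange described above, as an added example that is not part of the original page: an overly permissive responder next to an allowlist-based one that also validates the preflight. The policy values, function names, and sample requests are constructed for illustration.

```javascript
// Added example: CORS header decisions as pure functions (no framework).
// Origins, methods and header names below are constructed sample values.
const POLICY = {
  origins: new Set(["https://domain-a.com"]), // exact scheme + host (+ port)
  methods: ["GET", "POST", "PUT", "DELETE"],
  headers: ["content-type", "x-request-id"],
  credentials: true,
  maxAge: 600, // seconds the browser may cache the preflight result
};

// Weak form: echoes any Origin back and allows credentials, so every
// site can read authenticated responses.
function weakCors(req) {
  return {
    "Access-Control-Allow-Origin": req.headers.origin || "*",
    "Access-Control-Allow-Credentials": "true",
  };
}

// Hardened form: exact-match allowlist, explicit preflight validation.
function strictCors(req, policy = POLICY) {
  const origin = req.headers.origin;
  const out = { Vary: "Origin" }; // caches must key responses on Origin
  if (!origin || !policy.origins.has(origin)) return out; // no CORS grant
  out["Access-Control-Allow-Origin"] = origin; // never "*" with credentials
  if (policy.credentials) out["Access-Control-Allow-Credentials"] = "true";

  const wantMethod = req.headers["access-control-request-method"];
  if (req.method !== "OPTIONS" || !wantMethod) return out; // actual request

  // Preflight: grant only if the method and every header are permitted.
  const wantHeaders = (req.headers["access-control-request-headers"] || "")
    .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
  const ok = policy.methods.includes(wantMethod) &&
    wantHeaders.every((h) => policy.headers.includes(h));
  if (!ok) return { Vary: "Origin" }; // browser blocks the real request
  out["Access-Control-Allow-Methods"] = policy.methods.join(", ");
  out["Access-Control-Allow-Headers"] = policy.headers.join(", ");
  out["Access-Control-Max-Age"] = String(policy.maxAge);
  return out;
}

// Constructed sample requests (header names lowercased, as Node.js does).
const preflight = { method: "OPTIONS", headers: {
  origin: "https://domain-a.com",
  "access-control-request-method": "DELETE",
  "access-control-request-headers": "X-Request-Id" } };
const foreign = { method: "GET", headers: { origin: "https://other.example" } };
console.log(strictCors(preflight), strictCors(foreign), weakCors(foreign));
```

An origin outside the allowlist receives only `Vary: Origin` from `strictCors`, so the browser withholds the response from the calling script, while `weakCors` grants the same origin credentialed access.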

Related Terms

Structured Data (Schema.org)
A standardized vocabulary for marking up web content so search engines can understand and display it as rich results.
Service Worker
A JavaScript file that runs in the background, enabling offline support, push notifications, and background sync for web apps.
WebAssembly (Wasm)
A binary instruction format that enables near-native performance execution of code in web browsers alongside JavaScript.
Static Site Generator (SSG)
A tool that generates a complete static HTML website from templates and content at build time, requiring no server-side processing.
JSON Schema
A vocabulary for validating the structure and content of JSON data, ensuring API requests and responses conform to expected formats.
Server-Sent Events (SSE)
A web technology enabling servers to push real-time updates to browsers over a single HTTP connection, simpler than WebSockets.