Web Development Intermediate

What is Cross-Origin Resource Sharing (CORS)?

An HTTP mechanism that allows web pages to request resources from a different domain than the one serving the page.

CORS relaxes the browser's Same-Origin Policy to enable controlled cross-origin requests. When JavaScript on domain-a.com fetches from api.domain-b.com, the browser sends an Origin header, and the server responds with an Access-Control-Allow-Origin header specifying the permitted origins. Complex requests (PUT, DELETE, custom headers) trigger a preflight OPTIONS request before the actual request is sent. Key response headers include Access-Control-Allow-Methods (permitted HTTP methods), Access-Control-Allow-Headers (permitted request headers), Access-Control-Allow-Credentials (whether credentials such as cookies are allowed), and Access-Control-Max-Age (preflight cache duration). CORS misconfiguration is a common source of both bugs (blocked requests) and security vulnerabilities (overly permissive origins).
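The origin check and preflight handling described above, as an added example that is not code from the original page: a permissive handler that echoes any Origin, beside an exact-match allowlist version. The allowlist contents, the method and header policy, and the 600-second max age are assumptions chosen for illustration.

```javascript
// Added example: CORS header decision for a single request.
// ALLOWED_* values and all sample origins are constructed for illustration.
const ALLOWED_ORIGINS = new Set(["https://domain-a.com"]);
const ALLOWED_METHODS = ["GET", "POST", "PUT", "DELETE"];
const ALLOWED_HEADERS = ["content-type", "authorization"];

// Weak form: echoes any Origin back and allows credentials, so every site
// is effectively a permitted origin for cookie-bearing requests.
function permissiveCors(origin) {
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
  };
}

// Hardened form: exact-match allowlist; preflights are validated too.
// Returns null when no CORS headers should be sent (the browser then
// refuses to expose the response to the calling script).
function strictCors({ method, origin, requestMethod, requestHeaders }) {
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return null;
  const headers = {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin", // caches must not reuse this response for another origin
  };
  if (method !== "OPTIONS" || !requestMethod) return headers; // actual request
  // Preflight: validate Access-Control-Request-Method and -Headers.
  const wanted = (requestHeaders || "")
    .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
  if (!ALLOWED_METHODS.includes(requestMethod.toUpperCase())) return null;
  if (!wanted.every((h) => ALLOWED_HEADERS.includes(h))) return null;
  return {
    ...headers,
    "Access-Control-Allow-Methods": ALLOWED_METHODS.join(", "),
    "Access-Control-Allow-Headers": ALLOWED_HEADERS.join(", "),
    "Access-Control-Max-Age": "600", // seconds the preflight may be cached
  };
}
```

`strictCors` takes the request method, the `Origin` value, and the `Access-Control-Request-Method` / `Access-Control-Request-Headers` values as `requestMethod` / `requestHeaders`.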

Related Terms

OAuth Scope
A mechanism in OAuth that limits an application's access to a user's account to specific resources or actions.
Web Components
A set of browser-native APIs for creating reusable, encapsulated custom HTML elements with their own styling and behavior.
TypeScript
A typed superset of JavaScript that adds static type checking, interfaces, and advanced IDE support to JavaScript development.
Progressive Enhancement
A web design strategy that starts with basic functionality for all browsers and progressively adds advanced features for capable ones.
Sitemap XML
An XML file that lists all important URLs on a website, helping search engines discover and crawl content efficiently.
Responsive Design
A web design approach that makes web pages render well on all screen sizes using flexible layouts and media queries.