Web Development Intermediate

What is Cross-Origin Resource Sharing (CORS)?

An HTTP mechanism that allows web pages to request resources from a different domain than the one serving the page.

CORS relaxes the browser's Same-Origin Policy to enable controlled cross-origin requests. When JavaScript on domain-a.com fetches from api.domain-b.com, the browser sends an Origin header, and the server responds with an Access-Control-Allow-Origin header naming the permitted origin. Complex requests (PUT, DELETE, custom headers) trigger a preflight OPTIONS request, which the browser sends before the actual request. Key headers include Access-Control-Allow-Methods (permitted HTTP methods), Access-Control-Allow-Headers (permitted request headers), Access-Control-Allow-Credentials (whether requests carrying credentials such as cookies are permitted), and Access-Control-Max-Age (how long the browser may cache the preflight result). CORS misconfiguration is a common source of both bugs (blocked requests) and security vulnerabilities (overly permissive origins).
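The header exchange described above, as an added example that is not part of the original page: a server-side function that reflects any Origin (the overly permissive case) beside one that answers simple and preflight requests from an exact-match allow-list. The policy values, the `x-request-id` header, the function names and the sample requests are assumptions made for illustration.

```javascript
// Added example. Origins, header names and policy values are assumptions.
const POLICY = {
  allowedOrigins: new Set(["https://domain-a.com"]), // exact-match allow-list
  allowedMethods: ["GET", "POST", "PUT", "DELETE"],
  allowedHeaders: ["content-type", "x-request-id"],
  allowCredentials: true,
  maxAgeSeconds: 600,
};

// Weak form: echoes any Origin and allows credentials, so every site is trusted.
function weakCorsHeaders(req) {
  return {
    "Access-Control-Allow-Origin": req.headers.origin || "*",
    "Access-Control-Allow-Credentials": "true",
  };
}

// Hardened form: CORS headers are emitted only for allow-listed origins.
function corsHeaders(req, policy = POLICY) {
  const origin = req.headers.origin;
  const headers = { Vary: "Origin" }; // shared caches must key on Origin
  const requested = req.headers["access-control-request-method"];
  const preflight = req.method === "OPTIONS" && requested !== undefined;
  if (!origin || !policy.allowedOrigins.has(origin)) {
    return { allowed: false, preflight, headers }; // browser blocks the read
  }
  if (preflight) {
    const wanted = (req.headers["access-control-request-headers"] || "")
      .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
    const ok = policy.allowedMethods.includes(requested) &&
      wanted.every((h) => policy.allowedHeaders.includes(h));
    if (!ok) return { allowed: false, preflight, headers };
    headers["Access-Control-Allow-Methods"] = policy.allowedMethods.join(", ");
    headers["Access-Control-Allow-Headers"] = policy.allowedHeaders.join(", ");
    headers["Access-Control-Max-Age"] = String(policy.maxAgeSeconds);
  }
  headers["Access-Control-Allow-Origin"] = origin; // specific origin, never "*"
  if (policy.allowCredentials) headers["Access-Control-Allow-Credentials"] = "true";
  return { allowed: true, preflight, headers };
}

// Constructed sample requests (Node-style lowercase header names).
const samples = [
  { method: "GET", headers: { origin: "https://domain-a.com" } },
  { method: "GET", headers: { origin: "https://domain-a.com.untrusted.example" } },
  { method: "OPTIONS", headers: { origin: "https://domain-a.com",
      "access-control-request-method": "DELETE",
      "access-control-request-headers": "Content-Type, X-Request-Id" } },
];
for (const r of samples) console.log(r.method, r.headers.origin, corsHeaders(r));
```

The second sample shows why the allow-list uses exact matching: a prefix or substring check would accept a look-alike origin that merely starts with the trusted name.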

Related Terms

MVC (Model-View-Controller)
An architectural pattern that separates an application into three components: data (Model), interface (View), and logic (Controller).
Lazy Loading
A technique that delays loading non-critical resources until they are needed, improving initial page load performance.
PHP
A widely-used server-side scripting language designed for web development that powers over 75% of websites including WordPress.
Server-Sent Events
A server push technology that enables a server to send real-time updates to a browser over a single HTTP connection.
Content Negotiation
An HTTP mechanism where client and server agree on the best representation of a resource based on format, language, or encoding preferences.
REST (Representational State Transfer)
An architectural style for designing networked applications using standard HTTP methods and stateless communication.