🎁 New User? Get 20% off your first purchase with code NEWUSER20 Register Now →
Menu

Categories

Web Development Intermediate

What is Cross-Origin Resource Sharing (CORS)?

An HTTP mechanism that allows web pages to request resources from a different domain than the one serving the page.

CORS relaxes the browser's Same-Origin Policy to enable controlled cross-domain requests. When JavaScript on domain-a.com fetches from api.domain-b.com, the browser sends an Origin header. The server responds with Access-Control-Allow-Origin specifying permitted origins. Complex requests (PUT, DELETE, custom headers) trigger a preflight OPTIONS request. Key headers include Access-Control-Allow-Methods (permitted HTTP methods), Access-Control-Allow-Headers (permitted request headers), Access-Control-Allow-Credentials (cookies), and Access-Control-Max-Age (preflight cache duration). CORS misconfiguration is a common source of both bugs (blocked requests) and security vulnerabilities (overly permissive origins).

Related Terms

Static Site Generator (SSG)
A tool that generates a complete static HTML website from templates and content at build time, requiring no server-side processing.
HTTP/2
The second major version of HTTP that improves performance through multiplexing, header compression, and server push.
Meta Tags
HTML elements in the page head that provide metadata about the document for browsers, search engines, and social media platforms.
Server-Sent Events (SSE)
A web technology enabling servers to push real-time updates to browsers over a single HTTP connection, simpler than WebSockets.
Responsive Design
A web design approach that makes web pages render well on all screen sizes using flexible layouts and media queries.
CSS Flexbox
A CSS layout model that provides efficient arrangement of items within a container, handling alignment, distribution, and spacing.
 View All Web Development Terms →