Bybit - Win $500 BTC Bonus!Never get a boring domain. Get .Tech!
Visit Radix https://bit.ly/3cg9cv7
promoted
Before you go, check out these stories!
0- Read
- Top Stories
- Write
- Listen
- Learn
Web Development Data Science - What is it?
- Best 50 Sites to Learn it
- Data Engineering
- Data Science Course 2020 🔗
- Deep Learning A-Z 🔗
- Deep Learning vs. Machine Learning
- Love
- ML Essentials
- PG Program in Artificial Intelligence and Machine Learning 🔗
- Optimize Your CV
- Python for Machine Learning 🔗
- Statistics for Data Science and Business Analysis🔗
- Zero to H...
Languages - Advertise
- About
- Tech Companies
- Experts 📞
Glossary of Security Terms: CORS-Safelisted Request Header by@mozillaGlossary of Security Terms: CORS-Safelisted Request Header
@mozillaMozilla Contributors
Mozilla (stylized as moz://a) is a free software community founded in 1998 by members of Netscape.
A CORS-safelisted request header is one of the following HTTP headers:
When containing only these headers (and values that meet the additional requirements laid out below), a requests doesn't need to send a preflight request in the context of CORS.
You can safelist more headers using the
header and also list the above headers there to circumvent the following additional restrictions:Access-Control-Allow-Headers
Additional restrictions
CORS-safelisted headers must also fulfill the following requirements in order to be a CORS-safelisted request header:
- For
andAccept-Language
: can only have values consisting ofContent-Language
,0-9
,A-Z
, space ora-z
.*,-.;= - For
andAccept
: can't contain a CORS-unsafe request header byte:Content-Type
, Delete, Tab and control characters: 0x00 to 0x19."():<>?@[\]{} - For
: needs to have a MIME type of its parsed value (ignoring parameters) of eitherContent-Type
,application/x-www-form-urlencoded
, ormultipart/form-data
.text/plain - For any header: the value’s length can't be greater than 128.
Learn more
View Previous Terms:
- Certificate authority
- Challenge-response authentication
- Cipher
- Cipher suite
- Ciphertext
- CORS
- CORS-safelisted response header
- Cross-site scripting
- Cryptanalysis
- Cryptographic hash function
- Cryptography
- CSP
- CSRF
- Decryption
- Digital certificate
- DTLS (Datagram Transport Layer Security)
- Encryption
- Forbidden header name
- Forbidden response header name
- Hash
- HMAC
- HPKP
- HSTS
- HTTPS
- Key
- MitM
- OWASP
- Preflight request
- Public-key cryptography
- Reporting directive
- Robots.txt
- Same-origin policy
- Session Hijacking
- SQL Injection
- Symmetric-key cryptography
- TOFU
- Transport Layer Security (TLS)
Credits
- Source: https://developer.mozilla.org/en-US/docs/Glossary/CORS-safelisted_request_header
- Published under Open CC Attribution ShareAlike 3.0 license
Related
1 reaction
@mozillaMozilla Contributors
5min
01/14/21
pre-emoji story
@maverick705Kenneth Reiners
01/22/21
Tags
Join Hacker Noon
Create your free account to unlock your custom reading experience.