(Cross-Origin Resource Sharing) is a system, consisting of transmitting , that determines whether browsers block frontend JavaScript code from accessing responses for cross-origin requests. CORS HTTP headers The forbids cross-origin access to resources. But CORS gives web servers the ability to say they want to opt into allowing cross-origin access to their resources. same-origin security policy Learn more General knowledge on MDN Cross-Origin Resource Sharing (CORS) on Wikipedia Cross-origin resource sharing CORS headers Access-Control-Allow-Origin Indicates whether the response can be shared. Access-Control-Allow-Credentials Indicates whether or not the response to the request can be exposed when the credentials flag is true. Access-Control-Allow-Headers Used in response to a preflight request to indicate which HTTP headers can be used when making the actual request. Access-Control-Allow-Methods Specifies the method or methods allowed when accessing the resource in response to a preflight request. Access-Control-Expose-Headers Indicates which headers can be exposed as part of the response by listing their names. Access-Control-Max-Age Indicates how long the results of a preflight request can be cached. Access-Control-Request-Headers Used when issuing a preflight request to let the server know which HTTP headers will be used when the actual request is made. Access-Control-Request-Method Used when issuing a preflight request to let the server know which will be used when the actual request is made. HTTP method Origin Indicates where a fetch originates from. Technical reference Fetch specification View Previous Terms: Block cipher mode of operation Certificate authority Challenge-response authen tication Cipher Cipher suite Ciphertext CORS-safelisted request header CORS-safelisted response header Cross-site scripting Cryptanalysis Cryptographic hash function Cryptography CSP CSRF Decryption Digital certificate DTLS (Datagram Transport Layer Security) Encryption Forbidden header name Forbidden response header name Hash HMAC HPKP HSTS HTTPS Key MitM OWASP Preflight request Public-key cryptography Reporting directive Robots.txt Same-origin policy Session Hijacking SQL Injection Symmetric-key cryptography TOFU Transport Layer Security (TLS) Credits Source: https://developer.mozilla.org/en-US/docs/Glossary/CORS Published under license Open CC Attribution ShareAlike 3.0

Fetch

Mozilla

Glossary of Security Terms: CORS-Safelisted Request Header

Glossary of Security Terms: Ciphertext

Read My Stories

Too Long; Didn't Read

CTA: Download the FREE AI Productivity Shift report

Glossary of Security Terms: CORS

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Untitled Story

A Quick Introduction to the Resize Observer API

10 Cool CI/CD Tools For Your Project

27 Stories To Learn About Ssl

20 Essential Backend Tools For Developers

3 Most Common Ways to Connect your Node and React Applications

A Quick Introduction to the Resize Observer API

10 Cool CI/CD Tools For Your Project

27 Stories To Learn About Ssl

20 Essential Backend Tools For Developers

3 Most Common Ways to Connect your Node and React Applications

Light-Mode

Classic

Newspaper

Dark-Mode

Neon Noir

Minty

HN StartUps