Understanding CORS: Why It's Important and How it Worksby@amrtawfik
673 reads

Understanding CORS: Why It's Important and How it Works

tldt arrow
Read on Terminal Reader

Too Long; Didn't Read

Cross-origin resource sharing (CORS) is a mechanism that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served. A web page may freely embed cross-origin images, stylesheets, scripts, iframes, and videos. CORS works by adding HTTP headers to requests and responses that indicate whether the request or response is allowed to access the resources. The same-origin policy is a security measure that prevents a malicious script from accessing resources that the user of the page is not intended to have access to.

Companies Mentioned

Mention Thumbnail
Mention Thumbnail
featured image - Understanding CORS: Why It's Important and How it Works
Amr Tawfik HackerNoon profile picture

@amrtawfik

Amr Tawfik

react to story with heart

What is CORS?

CORS is a mechanism that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served. A web page may freely embed cross-origin images, stylesheets, scripts, iframes, and videos.

Cross-origin resource sharing (CORS) is a mechanism that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served. A web page may freely embed cross-origin images, stylesheets, scripts, iframes, and videos.

Types of CORS requests

There are two types of cross-origin requests: simple requests and pre-flighted requests.

Simple requests

A simple request is one that uses methods such as GET, HEAD, or POST. These methods are considered safe because they are not capable of causing a change in state on the server.

Pre-flighted requests

A pre-flighted request is one that uses a method such as PUT or DELETE. These methods can cause a change in state on the server, so the browser sends a request to the server to check if the request is allowed. The server then responds with the appropriate headers, and if the response is successful, the browser sends the actual request.

CORS mechanism

The CORS mechanism works by adding HTTP headers to cross-origin HTTP requests and responses. These headers indicate whether the request or response is allowed to access the resources.

How does CORS work?

When a browser sends a request to a server, it includes an Origin header. This header contains the origin of the request, which is the domain, protocol, and port of the page making the request.

The server can then decide whether to allow or deny the request. If the request is allowed, the server includes the Access-Control-Allow-Origin header in the response. This header specifies the origin that is allowed to access the resources.

If the request is denied, the server includes the Access-Control-Allow-Origin header with a value of "*", which indicates that no origin is allowed to access the resources.

Why is CORS important?

CORS is important because it allows browsers to enforce the same-origin policy. The same-origin policy is a security measure that prevents a malicious script from accessing resources that it should not have access to.

Without CORS, a malicious script could make a request to a server in another domain and access the resources that the user of the page is not intended to have access to.

What are the benefits of CORS?

CORS provides a number of benefits:

  • It allows browsers to enforce the same-origin policy, which is a security measure that prevents a malicious script from accessing resources that it should not have access.

  • It allows restricted resources on a web page to be requested from another domain. This can be useful when you want to embed a resource from another domain, such as an image or a video.

  • It allows the browser to send a pre-flighted request to the server to check if the request is allowed. This can be useful when you want to make a request that could potentially cause a change in state on the server.

Feel free to reach out to me!😊

🕊 Twitter | 👩‍💻 Instagram | 📩 Email


Also published here.

Amr Tawfik HackerNoon profile picture
by Amr Tawfik @amrtawfik.18y | web(3) developer and entrepreneur with a passion for programming, investing, and mathematics | Founder of NFTs Lab
Read my stories

RELATED STORIES

L O A D I N G
. . . comments & more!
Hackernoon hq - po box 2206, edwards, colorado 81632, usa