CORS is a mechanism that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served. A web page may freely embed cross-origin images, stylesheets, scripts, iframes, and videos.
Cross-origin resource sharing (CORS) is a mechanism that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served. A web page may freely embed cross-origin images, stylesheets, scripts, iframes, and videos.
There are two types of cross-origin requests: simple requests and pre-flighted requests.
A simple request is one that uses methods such as GET, HEAD, or POST. These methods are considered safe because they are not capable of causing a change in state on the server.
A pre-flighted request is one that uses a method such as PUT or DELETE. These methods can cause a change in state on the server, so the browser sends a request to the server to check if the request is allowed. The server then responds with the appropriate headers, and if the response is successful, the browser sends the actual request.
The CORS mechanism works by adding HTTP headers to cross-origin HTTP requests and responses. These headers indicate whether the request or response is allowed to access the resources.
When a browser sends a request to a server, it includes an Origin header. This header contains the origin of the request, which is the domain, protocol, and port of the page making the request.
The server can then decide whether to allow or deny the request. If the request is allowed, the server includes the Access-Control-Allow-Origin header in the response. This header specifies the origin that is allowed to access the resources.
If the request is denied, the server includes the Access-Control-Allow-Origin header with a value of "*", which indicates that no origin is allowed to access the resources.
CORS is important because it allows browsers to enforce the same-origin policy. The same-origin policy is a security measure that prevents a malicious script from accessing resources that it should not have access to.
Without CORS, a malicious script could make a request to a server in another domain and access the resources that the user of the page is not intended to have access to.
CORS provides a number of benefits:
It allows browsers to enforce the same-origin policy, which is a security measure that prevents a malicious script from accessing resources that it should not have access.
It allows restricted resources on a web page to be requested from another domain. This can be useful when you want to embed a resource from another domain, such as an image or a video.
It allows the browser to send a pre-flighted request to the server to check if the request is allowed. This can be useful when you want to make a request that could potentially cause a change in state on the server.
Feel free to reach out to me!😊
🕊 Twitter | 👩💻 Instagram | 📩 Email
Also published here.