CORS (Cross-Origin Resource Sharing) is a system, consisting of transmitting HTTP headers, that determines whether browsers block frontend JavaScript code from accessing responses for cross-origin requests.

The same-origin security policy forbids cross-origin access to resources. But CORS gives web servers the ability to say they want to opt into allowing cross-origin access to their resources.

Learn more

General knowledge

• Cross-Origin Resource Sharing (CORS) on MDN
• Cross-origin resource sharing on Wikipedia

CORS headers

Indicates whether the response can be shared.

Indicates whether or not the response to the request can be exposed when the credentials flag is true.

Used in response to a preflight request to indicate which HTTP headers can be used when making the actual request.

Specifies the method or methods allowed when accessing the resource in response to a preflight request.

Indicates which headers can be exposed as part of the response by listing their names.

#beginners #security-terms #mozilla #hackernoon-top-story #password-protection #backend #web-development #security