Cross-origin resource sharing (CORS)

Topic | v1 | created by jjones |

Cross-origin resource sharing (CORS) is a mechanism that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served. A web page may freely embed cross-origin images, stylesheets, scripts, iframes, and videos. Certain "cross-domain" requests, notably Ajax requests, are forbidden by default by the same-origin security policy. CORS defines a way in which a browser and server can interact to determine whether it is safe to allow the cross-origin request. It allows for more freedom and functionality than purely same-origin requests, but is more secure than simply allowing all cross-origin requests. The specification for CORS is included as part of the WHATWG's Fetch Living Standard. This specification describes how CORS is currently implemented in browsers. An earlier specification was published as a W3C Recommendation.


subtopic of Web programming

Web development is the work involved in developing a website for the Internet (World Wide Web) or an...

Edit details Edit relations Attach new author Attach new topic Attach new resource

has official Cross-Origin Resource Sharing (CORS) - HTTP | MDN

Cross-Origin Resource Sharing (CORS) is an HTTP-header based mechanism that allows a server to indica...

treated in Deep dive in CORS: History, how it works, and best practices

Learn the history and evolution of same-origin policy and CORS, understand CORS and the different typ...

treated in CSRF, CORS, and HTTP Security headers Demystified

With an increasing number of breaches, intrusions, and data thefts, securing a web application is ext...