CORS : Cross Origin Resource Sharing

Rohit PaulRohit Paul
2 min read

Table of contents

Cross-Origin Resource Sharing (CORS) is a browser mechanism that allows controlled access to resources located outside of a given domain. It's a security feature that helps prevent malicious scripts from accessing sensitive data on other domains.

Here's a breakdown of CORS:

What it does:

  • Enables controlled sharing of resources between different domains.

  • Protects sensitive data from unauthorized access.

  • Defines how a browser and server can interact to allow or deny cross-origin requests.

How it works:

  1. A web application from one domain (origin) makes a request to a resource on another domain (target).

  2. The target server checks its CORS configuration to see if the request is allowed.

  3. If the request is allowed, the server sends a response back to the origin.

  4. If the request is denied, the browser will block the request and prevent the application from accessing the resource.

CORS headers:

  • Access-Control-Allow-Origin: Specifies which origins are allowed to access the resource.

  • Access-Control-Allow-Methods: Specifies which HTTP methods are allowed to be used for requests (e.g., GET, POST, PUT, DELETE).

  • Access-Control-Allow-Headers: Specifies which HTTP headers are allowed to be sent with the request.

  • Access-Control-Allow-Credentials: Specifies whether cookies and other HTTP credentials can be sent with the request.

Benefits of CORS:

  • Improved security by restricting access to sensitive data.

  • Enables development of complex web applications that rely on resources from other domains.

  • Provides a standardized way for browsers and servers to communicate about cross-origin requests.

Examples of CORS in action:

  • When you embed an image from another website on your blog.

  • When you use a social media plugin to share content from another website.

  • When you use an API to access data from another website.

Resources for further learning:

1
Subscribe to my newsletter

Read articles from Rohit Paul directly inside your inbox. Subscribe to the newsletter, and don't miss out.

webdevCORSdatasharing

Written by

Rohit Paul
Rohit Paul

I am a developer, a student, an engineer, a gamer, an explorer, and a photographer and cricketer by hobby.