What is CORS?

Cross-origin resource sharing (CORS) is a standard for accessing web resources on different domains.

From: https://www.maxcdn.com/one/visual-glossary/cors/?utm_source=text

HOW CORS WORKS

When a browser executes a script that references a resource on another domain, it requests the content directly from the second domain. The second domain determines whether or not to serve the content by validating the first domain, which is included as part of the request. The second domain then returns either the content or an error message back to the browser, bypassing the first domain entirely.

Step by step, here’s how CORS works:

  • A user opens a resource on a webpage which references another domain. This is usually a JavaScript file, but can include fonts and CSS resources.
  • The user’s browser creates a connection to the second domain, adding an “Origin” HTTP header to the request which contains the first domain.
  • The second domain replies with an “Access-Control-Allow-Origin” HTTP header which lists the domains allowed to make CORS requests. A wildcard (“*”) allows all domains to make requests.
  • If the first domain is allowed to make the request, the second domain responds with the requested content.
  • The Access-Control-Allow-Origin header is defined in the second domain’s server configuration. If the header doesn’t contain wildcards and the first domain isn’t explicitly included, the browser displays an error message.

From: https://www.maxcdn.com/one/visual-glossary/cors/?utm_source=text
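
The steps above, modelled from both sides as an added example (not code from the quoted glossary): the second domain chooses its Access-Control-Allow-Origin value from an allowlist, and the browser decides whether the page's script may read the response. The origins, the allowlist and the function names are constructed for illustration.

```javascript
// Constructed allowlist of "first domains" the server is willing to serve.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://admin.example.com",
]);

// Server side ("second domain"): build the CORS response headers for a request.
// requestHeaders uses lower-case keys, as Node's http module presents them.
function corsHeadersFor(requestHeaders, allowed = ALLOWED_ORIGINS) {
  // Vary: Origin stops a shared cache reusing one origin's answer for another.
  const headers = { "Vary": "Origin" };
  const origin = requestHeaders["origin"];
  if (typeof origin !== "string") return headers; // no Origin header was sent
  // Exact match on scheme + host + port. Substring or suffix matching would
  // also accept look-alike hosts, so it is deliberately not used here.
  if (allowed.has(origin)) headers["Access-Control-Allow-Origin"] = origin;
  return headers;
}

// Browser side: may the script running on pageOrigin read the response?
function browserAllowsRead(pageOrigin, responseHeaders) {
  const acao = responseHeaders["Access-Control-Allow-Origin"];
  if (acao === undefined) return false; // header missing: blocked, error shown
  return acao === "*" || acao === pageOrigin;
}

// One full exchange: the browser sends Origin, the server answers, the browser decides.
function simulate(pageOrigin) {
  return browserAllowsRead(pageOrigin, corsHeadersFor({ origin: pageOrigin }));
}

// Constructed sample origins: one allowed, one look-alike host, one wrong scheme.
for (const o of [
  "https://app.example.com",
  "https://app.example.com.lookalike.test",
  "http://app.example.com",
]) {
  console.log(o, "->", simulate(o) ? "readable" : "blocked");
}
```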
