Cross-Origin Resource Sharing (CORS) is a security feature that allows web applications to make requests to a different domain than the one that served the web page. This is particularly useful for web applications that need to interact with APIs on different domains.

CORS Basics

  • What is CORS? CORS is a set of HTTP headers that tell a browser to allow or deny cross-origin requests.
  • Why use CORS? It helps to prevent malicious websites from reading sensitive data on another domain.

CORS Headers

Here are the most common CORS headers:

  • Access-Control-Allow-Origin: Specifies the origin(s) that are allowed to access the resource.
  • Access-Control-Allow-Methods: Specifies the HTTP methods that are allowed.
  • Access-Control-Allow-Headers: Specifies the HTTP headers that are allowed.

CORS Configuration

To configure CORS on your server, you can set the appropriate headers in your server's response. For example, in an Express.js application, you can use the cors middleware:

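const express = require('express');
const cors = require('cors');

const app = express();
// With no options, cors() sends Access-Control-Allow-Origin: * on every route.
app.use(cors());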
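
Calling cors() with no options allows every origin. The code below is an added example, not from the original page or the cors project: it shows the header logic for an exact-match origin allowlist using the three headers listed above, with no dependencies. The origins, the ALLOWED_* constants and the corsHeaders function are hypothetical names.

```javascript
// Added example: exact-match origin allowlist, no dependencies.
// The origins and all names below are hypothetical.
const ALLOWED_ORIGINS = new Set([
  'https://app.example.com',
  'https://admin.example.com',
]);
const ALLOWED_METHODS = 'GET, POST';
const ALLOWED_HEADERS = 'Content-Type, Authorization';

// method: request method; reqHeaders: request headers keyed in lower case
// (the shape Node's req.headers uses). Returns the headers to add.
function corsHeaders(method, reqHeaders) {
  // Vary: Origin stops a shared cache from serving one origin's
  // response to another origin.
  const headers = { Vary: 'Origin' };
  const origin = reqHeaders['origin'];

  // Missing or unlisted origin: emit no Access-Control-* headers, so the
  // browser refuses to expose the response to the calling page.
  // Set.has() is an exact string match: scheme, host and port must all agree.
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return headers;

  headers['Access-Control-Allow-Origin'] = origin;

  // A preflight is an OPTIONS request carrying Access-Control-Request-Method;
  // only that response needs the method and header lists.
  if (method === 'OPTIONS' && reqHeaders['access-control-request-method']) {
    headers['Access-Control-Allow-Methods'] = ALLOWED_METHODS;
    headers['Access-Control-Allow-Headers'] = ALLOWED_HEADERS;
  }
  return headers;
}

// Constructed sample requests.
const samples = [
  ['GET', { origin: 'https://app.example.com' }],
  ['GET', { origin: 'https://app.example.com.other.test' }],
  ['GET', { origin: 'http://app.example.com' }],
  ['OPTIONS', { origin: 'https://admin.example.com',
                'access-control-request-method': 'POST' }],
];
for (const [method, h] of samples) {
  console.log(method, h.origin, '->', JSON.stringify(corsHeaders(method, h)));
}
```

In Express, `res.set(corsHeaders(req.method, req.headers))` applies the result; the cors middleware's `origin` option also accepts an array of allowed origins.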
