276 reads

Glossary of Security Terms: CORS

by Mozilla ContributorsAugust 19th, 2020
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

CORS (Cross-Origin Resource Sharing) is a system, consisting of transmitting HTTP headers, that determines whether browsers block frontend JavaScript code from accessing responses for cross-origin requests. CORS gives web servers the ability to say they want to opt into allowing cross-Origin access to their resources. The same-origin security policy forbids cross-origest access to resources. Mozilla (stylized as moz://a) founded in 1998 by members of Netscape. by Mozilla Contributors.

Companies Mentioned

Mention Thumbnail
Mention Thumbnail
featured image - Glossary of Security Terms: CORS
Mozilla Contributors HackerNoon profile picture

CORS (Cross-Origin Resource Sharing) is a system, consisting of transmitting HTTP headers, that determines whether browsers block frontend JavaScript code from accessing responses for cross-origin requests.

The same-origin security policy forbids cross-origin access to resources. But CORS gives web servers the ability to say they want to opt into allowing cross-origin access to their resources.

Learn more

General knowledge

CORS headers

Access-Control-Allow-Origin

Indicates whether the response can be shared.

Access-Control-Allow-Credentials

Indicates whether or not the response to the request can be exposed when the credentials flag is true.

Access-Control-Allow-Headers

Used in response to a preflight request to indicate which HTTP headers can be used when making the actual request.

Access-Control-Allow-Methods

Specifies the method or methods allowed when accessing the resource in response to a preflight request.

Access-Control-Expose-Headers

Indicates which headers can be exposed as part of the response by listing their names.

Access-Control-Max-Age

Indicates how long the results of a preflight request can be cached.

Access-Control-Request-Headers

Used when issuing a preflight request to let the server know which HTTP headers will be used when the actual request is made.

Access-Control-Request-Method

Used when issuing a preflight request to let the server know which HTTP method will be used when the actual request is made.

Origin

Indicates where a fetch originates from.

Technical reference

View Previous Terms:

Credits

Notion
L O A D I N G
. . . comments & more!

About Author

Mozilla Contributors HackerNoon profile picture
Mozilla Contributors@mozilla
Mozilla (stylized as moz://a) is a free software community founded in 1998 by members of Netscape.
Read my storiesAbout @mozilla

TOPICS

purcat-imgscience#beginners#security-terms#mozilla#hackernoon-top-story#password-protection#backend#web-development#security

THIS ARTICLE WAS FEATURED IN...

Arweave
Read on Terminal Reader Terminal
Read this story w/o Javascript Lite
Learnrepo
Coffee-web
Hashnode
Learnrepo
Learnrepo

RELATED STORIES

Article Thumbnail
A Quick Introduction to the Resize Observer API
by mozilla
Nov 29, 2021
#mozilla
Article Thumbnail
10 Cool CI/CD Tools For Your Project
by ahmed-m.-gamal
Jun 28, 2020
#devops
Article Thumbnail
27 Stories To Learn About Ssl
by learn
Jun 08, 2023
#ssl
Article Thumbnail
20 Essential Backend Tools For Developers
by ashutoshmishra
Aug 22, 2023
#web-development
Article Thumbnail
3 Most Common Ways to Connect your Node and React Applications
by itsrakesh
Jan 02, 2022
#reactjs
Join HackerNoonloading
Latest technology trends. Customized Experience. Curated Stories. Publish Your Ideas

Categories

Trending Topics

blockchaincryptocurrencyhackernoon-top-storyprogrammingsoftware-developmenttechnologystartuphackernoon-booksBitcoinbooks