Understanding CORS

Akshay Sinha
3 min readAug 10, 2018

Understanding CORS

CORS or Cross Origin Resource Sharing is an http mechanism to let a user gain access to resources located on a domain other that the one the site lives on by using some additional headers. So for example lets say your app located on http://test1.domain.com needs to make a REST call to an api located on http://test2.domain.com/some/awesome/endpoint.

Now By default a browser wouldn’t allow such a request. This is done for http security reasons. What that means is a browser wouldn’t allow a request made from within a script on a webpage to access any HTTP resources located on a domain other than the one site was originally loaded from. For example both XMLHttpRequest and the Fetch API follow same-origin policy. Thats where CORS comes in. CORS facilitates this behavior by first validating test2.domain.com using some special headers

CORS

Headers

The headers that relate to CORS are :

Request Headers

  • Origin
  • Access-Control-Request-Method
  • Access-Control-Request-Headers

Response Headers

  • Access-Control-Allow-Origin
  • Access-Control-Allow-Credentials
  • Access-Control-Expose-Headers

--

--

No responses yet