Understanding CORS
CORS, or Cross-Origin Resource Sharing, is an HTTP mechanism that lets a page gain access to resources located on an origin other than the one the page was loaded from, by means of some additional headers. An origin is the combination of scheme, host and port, so two hosts under the same parent domain are still different origins. For example, say your app is served from http://test1.domain.com and needs to make a REST call to an API at http://test2.domain.com/some/awesome/endpoint.
By default the browser would not let the script read the response to such a request. This is the same-origin policy: a browser will not let a script on a web page read HTTP resources from an origin other than the one the page was loaded from, and both XMLHttpRequest and the Fetch API enforce it. That is where CORS comes in. CORS does not switch the policy off; it lets the server at test2.domain.com declare, through some special response headers, which origins are permitted to read its responses, and the browser enforces that declaration. Note that for a simple request such as a plain GET the request is still sent to the server; what the browser blocks is the script's access to the response, so a server must not rely on CORS to stop a request from arriving. For requests outside the simple set, for instance a PUT or one carrying a custom header, the browser first sends an OPTIONS preflight describing the intended request and only sends the real one if the server approves.
Headers
The headers that relate to CORS are:
Request Headers
- Origin
- Access-Control-Request-Method
- Access-Control-Request-Headers
Response Headers
- Access-Control-Allow-Origin
- Access-Control-Allow-Credentials
- Access-Control-Expose-Headers
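To show how the mechanism above and the headers just listed fit together on the server side, here is an added example (not code from the original post). It is a pure function that takes the request method and headers and returns the CORS response headers the server should send, or null when the request must be refused. The allowlist, the method and header sets, the X-Request-Id header and the function names are assumptions made for illustration. It also emits Access-Control-Allow-Methods, Access-Control-Allow-Headers and Access-Control-Max-Age, which the post's list omits but which are the server's answer to a preflight's Access-Control-Request-Method and Access-Control-Request-Headers.

```javascript
// Added example, not from the original post. Server-side CORS decision:
// given the request method and headers, return the CORS response headers,
// or null to refuse. Origins, allowlists and names are constructed.

const ALLOWED_ORIGINS = new Set([
  "http://test1.domain.com", // the app origin from the post; constructed allowlist
]);
const ALLOWED_METHODS = ["GET", "POST", "PUT"];
const ALLOWED_REQUEST_HEADERS = ["content-type", "authorization"];

// Exact-match check against the allowlist. Do not use substring or suffix
// tests such as origin.endsWith("domain.com"): "http://evildomain.com" and
// "http://test1.domain.com.attacker.example" would both pass such a test.
function isAllowedOrigin(origin) {
  return typeof origin === "string" && ALLOWED_ORIGINS.has(origin);
}

function corsHeaders(method, headers) {
  // Header names are case-insensitive; normalise them once.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;

  const origin = h["origin"];
  // No Origin header: same-origin or non-browser client; nothing to add.
  if (origin === undefined) return {};
  // Refuse anything not on the allowlist. This also rejects the literal
  // "null" origin that sandboxed iframes and file:// pages send.
  if (!isAllowedOrigin(origin)) return null;

  // Echo the specific allowed origin (never "*" when credentials are
  // allowed) and tell caches that the response depends on Origin.
  const out = {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin",
  };

  if (method === "OPTIONS" && h["access-control-request-method"]) {
    // Preflight: validate the method and headers the real request wants.
    const wantMethod = h["access-control-request-method"].toUpperCase();
    const wantHeaders = (h["access-control-request-headers"] || "")
      .split(",")
      .map((s) => s.trim().toLowerCase())
      .filter(Boolean);
    if (!ALLOWED_METHODS.includes(wantMethod)) return null;
    if (!wantHeaders.every((x) => ALLOWED_REQUEST_HEADERS.includes(x))) return null;
    out["Access-Control-Allow-Methods"] = ALLOWED_METHODS.join(", ");
    out["Access-Control-Allow-Headers"] = ALLOWED_REQUEST_HEADERS.join(", ");
    out["Access-Control-Max-Age"] = "600"; // seconds the browser may cache this answer
  } else {
    // Actual request: let the calling script read a non-default header.
    out["Access-Control-Expose-Headers"] = "X-Request-Id";
  }
  return out;
}

// Constructed sample requests.
const allowed = corsHeaders("GET", { Origin: "http://test1.domain.com" });
const lookalike = corsHeaders("GET", { Origin: "http://test1.domain.com.attacker.example" });
const preflight = corsHeaders("OPTIONS", {
  Origin: "http://test1.domain.com",
  "Access-Control-Request-Method": "PUT",
  "Access-Control-Request-Headers": "Content-Type, Authorization",
});
console.log(allowed, lookalike, preflight);
```

The two checks most often missed are visible here: the origin is compared exactly against an allowlist rather than reflected back from the request, and a credentialed response always names a single origin and carries Vary: Origin so a shared cache does not serve one origin's answer to another.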