DEV Community

Shihabudheen US


 

CORS in short

What is CORS?

CORS is a mechanism for accessing resources that the client is forbidden to use by default. The same-origin policy ensures clients can only access resources in their own domain. That means if I am a client with domain xyz.com, I can only access resources in the domain xyz.com. If I try to access something from lmn.com, it will be blocked by the browser.


Why CORS?

The CORS mechanism in the browser lets us use resources available in a different domain. Every CORS-enabled request has an Origin header added to it. The response sent from the server carries an Access-Control-Allow-Origin header, which says which origins can use that response. The browser checks whether the request's origin matches the allowed ones. If it matches, the client can consume the response. Otherwise, the browser throws a CORS error.

One point to understand is that CORS applies only to clients like browsers. It does not come into the picture when requests are made with cURL or Postman.

The same-origin policy is beneficial because it prevents malicious websites and servers from accessing our data. As mentioned above, for a resource to be accessible it must either be in the same origin or be whitelisted by the server.
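The exchange described above, sketched as an added example that is not code from the original post: a server at lmn.com whitelists xyz.com by exact match, and a simplified model of the browser's check decides whether a page may read the response. The function names, the `https://` schemes and the `evil.example` origin are assumptions made for illustration.

```javascript
// Added example; names and sample origins are constructed, not from a real deployment.
// Server side: origins the API at https://lmn.com agrees to share responses with.
const ALLOWED_ORIGINS = new Set(["https://xyz.com"]);

// Server side: build the CORS response headers for one request.
// `requestOrigin` is the value of the Origin header, or undefined when the
// client sent none (cURL does not add one unless told to).
function corsResponseHeaders(requestOrigin, allowed = ALLOWED_ORIGINS) {
  const headers = { Vary: "Origin" }; // the response differs per Origin, so caches must key on it
  // Exact string match against the whitelist; an unlisted Origin gets no header.
  if (requestOrigin !== undefined && allowed.has(requestOrigin)) {
    headers["Access-Control-Allow-Origin"] = requestOrigin;
  }
  return headers;
}

// Browser side (simplified, requests without credentials):
// may script running on `pageOrigin` read a response from `responseOrigin`?
function browserLetsPageRead(pageOrigin, responseOrigin, responseHeaders) {
  if (pageOrigin === responseOrigin) return true; // same origin, no CORS check
  const allow = responseHeaders["Access-Control-Allow-Origin"];
  return allow === "*" || allow === pageOrigin;
}

// Run three pages against the API and report which ones can read the response.
function demo() {
  const api = "https://lmn.com";
  const pages = ["https://xyz.com", "https://evil.example", "https://lmn.com"];
  return pages.map((page) => {
    const headers = corsResponseHeaders(page === api ? undefined : page);
    return { page, readable: browserLetsPageRead(page, api, headers) };
  });
}

console.log(demo());
// A cURL request gets the same response body; no browser is present to enforce the header.
console.log("headers sent to cURL:", corsResponseHeaders(undefined));
```

Because the decision is enforced only by the browser, the whitelist controls which web pages can read the response and is not a substitute for authenticating the request on the server.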
