A club's guest list for websites
Day 42 of 149
👉 Full deep-dive with code examples
The Exclusive Club
You're at a club. The bouncer has a guest list.
You: "I'm from VIP Corp!"
Bouncer: checks list "VIP Corp is allowed. Come in!"
Your friend: "I'm from Random Inc!"
Bouncer: "Not on the list. Sorry!"
CORS is the bouncer for websites!
The Problem
Your website is at mysite.com.
You want to load data from api.example.com.
Browser: "Wait! That's a different domain!"
Browser: "I'm blocking this for security!"
How CORS Fixes It
The API server says: "It's okay, mysite.com is allowed!"
Browser: "Can mysite.com access this?"
API Server: "Yes, mysite.com is on my list!"
Browser: "OK, I'll allow it."
The server sends a header:
Access-Control-Allow-Origin: mysite.com
Common CORS Error
Access to fetch blocked by CORS policy
This means the server didn't say your site is allowed!
Fix: Server needs to add CORS headers.
In One Sentence
CORS prevents websites from loading data from other domains unless those domains explicitly allow it.
🔗 Enjoying these? Follow for daily ELI5 explanations!
Making complex tech concepts simple, one day at a time.
Top comments (0)