DEV Community: Akeem omosanya

Understanding Cross - Origin Resource Sharing (CORS)

Akeem omosanya — Sun, 25 Jan 2026 22:34:35 +0000

Understanding Cross-Origin Resource Sharing (CORS) - DEV Community

When building modern web applications, you’ll almost certainly run into CORS errors. They can be...

dev.to

Understanding Cross-Origin Resource Sharing (CORS)

Akeem omosanya — Sun, 25 Jan 2026 22:33:11 +0000

When building modern web applications, you’ll almost certainly run into CORS errors. They can be confusing at first, especially when your frontend and backend live on different domains.

In this post, I’ll explain what CORS is, why it exists, and how it works, with clear examples you can relate to.

What Is CORS?

Cross-Origin Resource Sharing (CORS) is a security mechanism based on HTTP headers that allows a server to specify which origins (domain, scheme, or port) are permitted to access its resources from a browser.

By default, browsers enforce the Same-Origin Policy, which prevents JavaScript running on one origin from accessing resources on another origin. CORS provides a controlled way to relax that restriction.

Example of a Cross-Origin Request

Frontend: https://domain-a.com Backend API: https://domain-b.com/data.json
If JavaScript from domain-a.com tries to fetch data from domain-b.com, the browser will only allow it if the server responds with the correct CORS headers.

Why Browsers Enforce CORS

CORS exists to protect users from malicious websites stealing sensitive data such as:

Cookies.
Authentication tokens.
Private user information.

APIs like fetch() and XMLHttpRequest automatically follow CORS rules to reduce these risks.

What Requests Use CORS?

CORS applies to many browser features, including:

fetch() and XMLHttpRequest
Web fonts loaded via @font-face
WebGL textures
Images or videos drawn to a canvas
CSS shapes that use external images

How CORS Works

The browser sends a request with an Origin header.
The server responds with CORS headers (or none).
The browser decides whether to allow JavaScript access to the response.

For some requests, the browser sends a preflight request first to ask the server for permission.

Simple Requests (No Preflight)

Some requests are considered simple and do not require a preflight.

Conditions for a Simple Request

Method is GET, HEAD, or POST
Only safe headers are used (e.g. Accept, Content-Type)
Content-Type is one of:
1. application/x-www-form-urlencoded
2. multipart/form-data
3. text/plain

Example

fetch("https://bar.other/data.json")
  .then(res => res.json())
  .then(data => console.log(data));

Request Sent by Browser

Origin: https://foo.example

Server Response

Access-Control-Allow-Origin: *

The browser allows the response to be read by JavaScript.

If the server wants to restrict access:

Access-Control-Allow-Origin: https://foo.example

Preflighted Requests (OPTIONS)

Requests that can modify server data or use custom headers require a preflight.

What Triggers a Preflight?

HTTP methods like PUT, DELETE, or PATCH
Custom headers (e.g. Authorization, X-Custom-Header)
Non-simple Content-Type (e.g. application/json, text/xml)

Example Request

fetch("https://bar.other/doc", {
  method: "POST",
  headers: {
    "Content-Type": "text/xml",
    "X-PINGOTHER": "pingpong",
  },
  body: "<person><name>Arun</name></person>",
});

Preflight Request (Sent Automatically)

OPTIONS /doc
Origin: https://foo.example
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type, x-pingother

Server Response

Access-Control-Allow-Origin: https://foo.example
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Headers: X-PINGOTHER, Content-Type
Access-Control-Max-Age: 86400

If approved, the browser sends the actual request.

Credentialed Requests (Cookies & Auth)

By default, browsers do not send cookies in cross-origin requests.

To include credentials:

fetch(url, {
  credentials: "include"
});

Required Server Headers

Access-Control-Allow-Origin: https://foo.example
Access-Control-Allow-Credentials: true

Important rules:

Access-Control-Allow-Origin cannot be *
Credentials + wildcard = blocked by browser

Common CORS Headers

Response Headers

Access-Control-Allow-Origin : Who can access the resource
Access-Control-Allow-Methods : Allowed HTTP methods
Access-Control-Allow-Headers : Allowed custom headers
Access-Control-Allow-Credentials : Allow cookies/auth
Access-Control-Max-Age : Cache preflight result duration
Access-Control-Expose-Headers : Headers visible to JS

Request Headers (Browser-Set)

Origin
Access-Control-Request-Method
Access-Control-Request-Headers

Understanding JWT (JSON Web Tokens) for Secure Authentication and Authorization.

Akeem omosanya — Wed, 09 Oct 2024 01:46:58 +0000

JSON Web Token(JWT) is a self-contained way to securely transmit data and information between two parties using a JSON object. In this article, we'll dive into the structure of JWTs and how they work.

WHAT IS JWT?
JWT(JSON Web Token) is a compact, URL-safe token that is used to securely transmit information between two parties.JWT can be signed and verified, ensuring that the information is authentic and hasn't been altered.

However, JWT should be used mainly for authorization rather than authentication.In other words,JWT helps manage permissions for users who are already authenticated.Once a user logs in,the server generates a JWT containing information about the user,and the client uses this token in requests.Each time the client sends a request,the server validates the JWT to authorize the user.

JSON Web Token Structure
A JWT has a standard structure that consists of three parts,separated by dots(.).This structure can be broken down as: aaaaaaa.bbbbbbb.ccccccc

Header(a)
Payload(b)
Signature(C)

Therefore, a Json web token being sent between the client and the server may look like the above illustration but instead of A's , B's and C's those will be unique characters for that specific client.

JWT Header

The header is the first part of a JWT. It contains two key pieces of information:

The algorithm used for signing (e.g., HS256, RS256)
The type of token (JWT)
A typical JWT header looks like this:

{
  "alg": "HS256",
  "typ": "JWT"
}

The header is then Base64Url encoded to create the first part of the JWT(a).

JWT PAYLOAD

A JWT Payload consist of a data. The Payloads data contains claims,and there are three different types of claims.
1. Registered
2. Public
3. Private
An example of a JWT payload could be:

{
  "sub": "1234567890",
  "name": "Eric Charles",
  "given_name": "Eric",
  "family_name": "Charrles",
  "email": "Ericcharles@gmail.com",
  "admin": true
}

The payload is also Base64Url encoded to create the second part of the JWT.

JWT Signature

A JWT Signature is created by using the algorithm in the header to hash out the encoded header, encoded payload with a secret.
The secret can be anything, but is saved somewhere on the server that the client does not have access to
The signature is the third and final part of a JWT (c).

HMACSHA256(
  base64UrlEncode(header) + "." + base64UrlEncode(payload),
  secret
)

This results in the third part of the JWT.

How JWT Works in Practice

Here’s how JWT-based authorization typically works:

User Logs In: The user provides their credentials, which are verified by the server.
JWT Issued: Upon successful authentication, the server generates a JWT and sends it back to the client. This token contains all the information needed to identify the user and their permissions.
Client Stores JWT: The client stores the JWT (usually in local storage or cookies).
Client Makes Requests: For future requests, the client sends the JWT in the Authorization header like this:

Authorization: Bearer <JWT_TOKEN>

Server Verifies JWT: The server verifies the JWT using the secret key. If the token is valid and hasn't expired, the server processes the request; otherwise, it rejects it.

MASTERING MYSQL

Akeem omosanya — Sat, 04 Nov 2023 21:15:58 +0000

WHAT IS MYSQL?

The SQL part of MySQL stands for Structured Query Language. MySQL is a relational database management system, Databases are the essential data storage for all software applications. For example, whenever someone conducts a web search, logs in to an account, or completes a transaction, a database system stores the information so it can be accessed in the future, a relational database stores data in separate tables rather than putting all the data in one table. SQL is the most common standardized language used to access databases.

KEY FEATURES OF MYSQL

Open Source
MySQL is open source means it is available and possible for anyone to use and modify the software, This makes it an attractive choice for businesses and developers looking to manage their data without incurring substantial licensing costs.
High Performance
MySQL is known for its speed and efficiency. It can handle large datasets and complex queries with ease, making it a reliable choice for high-traffic websites and data-intensive applications.
Cross-Platform Compatibility
MySQL is designed to be platform-independent, which means it can run on various operating systems, including Windows, Linux, macOS, and more. This cross-platform compatibility allows you to make use of your database in the environment that best suits your needs.

MySQL uses Structured Query Language (SQL) for interacting with the database. Here are some essential SQL commands:

SELECT: Retrieve data from one or more tables using the SELECT statement.
INSERT: Add new records to a table.
UPDATE: Modify existing records.
DELETE: Remove records from a table.
JOIN: Combine data from multiple tables based on a related column.

MYSQL BENEFITS

Web Applications: MySQL is a popular choice for building web applications, including content management systems, e-commerce platforms, and social media sites.
Reliability: MySQL is one of the most mature and widely used databases. It has been tested in a wide variety of scenarios many times and was confirmed reliable.
Data Warehousing: It can be used as a data warehouse to store and analyze large volumes of data for business intelligence and reporting.

CONCLUSION
MySQL's versatility and reliability have made it a great choice for developers and organizations. Whether you're building a small-scale web application or managing huge data warehouses, MySQL provides the tools and features necessary to meet your data storage and retrieval needs.

HOW DOES THE INTERNET WORK

Akeem omosanya — Sat, 30 Sep 2023 09:21:25 +0000

It is important to have a solid understanding of what the internet is and how it works. The Internet has become such a large part of our lives, that a good understanding is needed to use it effectively.
Firstly, we need to know what a network is, A Network is a group of computers or other devices that are connected
When all networks are connected they form the Internet. The Internet is a network of networks
The Internet is a global network of computers connected to each other that communicate through standardized protocols.
When data is sent over the internet, it is broken up into small packets(A small unit of data transmitted over the internet.) sent from your device to a router(A device that directs packets of data between different networks.).
The router examines the packet and forwards it to the next router in the path towards its destination.
This process continues until the packet reaches its final destination. To ensure that packets are sent and received correctly, the internet uses different protocols.
A protocol is a set of rules and standards that define how information is exchanged between devices and systems, these protocols include the Internet Protocol (IP) and the Transmission Control Protocol (TCP).
The Internet Protocol (IP) is responsible for routing packets to their correct destination, while the transmission control protocol (TCP) ensures that packets are transmitted reliably and in the correct order.
IP addresses and domain names are both important concepts to understand when working with the internet.

An IP address is a unique identifier assigned to each device on a network. It’s used to route data to the correct destination, ensuring that information is sent to the intended recipient. IP addresses are typically represented as a series of four numbers separated by periods, such as “194.167.1.1”.Domain names on the other hand, are human-readable names used to identify websites and other internet resources. They’re composed of two or more parts, separated by periods. For example, “google.com” is a domain name. Domain names are translated into IP addresses using the Domain Name System (DNS).
HTTP is the protocol used to transfer data between a client (such as a web browser) and a server (such as a website). When you visit a website, your web browser sends an HTTP request to the server, asking for the webpage or other resource you’ve requested, the server then sends an HTTP response back to the client, containing the requested data.
TCP/IP (Transmission Control Protocol/Internet Protocol) is the underlying communication protocol used by most Internet-based applications and services. It provides a reliable, ordered, and error-checked delivery of data between applications running on different devices.

HTTPS is a more secure version of HTTP, which encrypts the data being transmitted between the client and server using SSL/TLS (Secure Sockets Layer/Transport Layer Security) encryption. This provides an additional layer of security, helping to protect sensitive information.

PYTHON DICTIONARIES

Akeem omosanya — Thu, 14 Sep 2023 15:47:11 +0000

PYTHON DICTIONARIES
The dictionaries are like a little in-memory database, Dictionaries are Python’s most powerful data collection. It lets us do fast database-like operations on Python. Dictionaries have different names for different languages

PHP - Associative arrays
Java - property or hash map
Property bag - C#

So the idea of the dictionary is putting more than one thing in it and has ways of indexing it. We index the thing we put in the dictionary with a look-up tag. Dictionaries are enclosed in curly braces {} and consist of one or more key-value pairs separated by colons. For example

my_dict = {
"name": "John",
"age": 30,
"City": "New York"
}

In this dictionary, name, age, and city are keys while John, 30, and New York are their values respectively.
You can also make an empty dictionary using empty curly braces

my_dict = {}
print (my_dict)
{}

You can change the values, for example:

my_dict["age"] = 31

One use of dictionaries is counting how often we see something. You can use dictionaries to count the frequency of elements in a list or string. For example

counts = dict()
print (‘Enter a line of text: ‘)
line = input (‘ ’)
words = line.split()
print (‘words:’, words)
For word in words :
count [word] = counts.get(word, 0) + 1
print (‘count’, counts)

Also when working with API, dictionaries are often used to display JSON responses.
A list is a collection that is in an organized order while a dictionary is a lot of values each with its own label.

WHY DO WE PROGRAM

Akeem omosanya — Thu, 31 Aug 2023 20:16:28 +0000

WHY DO WE PROGRAM?
In the world we are today, programming has become an integral part of our lives. If you are reading this, it’s as a result of countless lines of code. Have you ever wondered why we program? What makes humans dedicate their time to crafting codes to make machines do specific tasks? Computers have languages which we as programmers use to communicate with them, they are programming languages. The first computer programming language was created in 1883 when a woman named Ada Lovelace worked with Charles Babbage on his very early mechanical computer, the Analytical Engine. While Babbage was concerned with simply computing numbers, Lovelace saw that the numbers the computer worked with could represent something other than just amounts of things. She wrote an algorithm for the Analytical Engine that was the first of its kind. Because of her contribution, Lovelace is credited with creating the first computer programming language. As different needs have arisen and new devices have been created, many more languages have followed like Assembly language, FORTRAN, COBOL, BASIC, HTML, C++, JavaScript, Python, and so on. Computer programming languages allow us to tell machines what to do. Machines and humans think very differently, so programming languages are necessary to bridge that gap.

Problem solving
Programming is a tool for solving various problems. Programming helps users solve their problems in different ways, optimizing supply chains, stimulating climate change scenarios, and enabling communication over a wide range of distance.
Programming is a means by which we convert our ideas into solutions to problems.
Global Connectivity
In this world, programming links the geographical gaps. It enables global communications through social networks, and e-commerce websites, and allows people to communicate with each other to share ideas and carry out other activities globally.
Personal Fulfillment
For many programmers, the act of writing codes is very satisfying, and creating projects which could go worldwide and bring about jobs and can be immensely gratifying. It makes programmers motivated.
Impact on Society
Programming has a very great impact on the society. It enables the society to interact with various technology which makes life easy for users and ease stress.
Career Opportunities
Programming is a career opportunity for many, there is a growing demand for tech talents to develop new and more technologies. It is a stable and well paid profession. Many people are drawn into programming due to it’s financial benefits and career advancement.
In conclusion, programming is driven by a lot of motivation. As a programme, you move from a user perspective to a programmer's perspective which means thinking widely into the creation of new technologies for advancement.