CORS
Definition
Cross-Origin Resource Sharing (CORS) is a browser mechanism that relaxes the same-origin policy in a controlled way. By default a script running on one origin (scheme, host and port) cannot read responses from a different origin; CORS lets the server of that other origin opt in for specific origins, so that deliberate cross-origin requests and data sharing between domains become possible while unauthorized reads of resources are still prevented. The policy is expressed in HTTP response headers that state which origins may access the resource, which HTTP methods and request headers are allowed, and whether credentials such as cookies may be included in the request.
Secure Settings Example
Access-Control-Allow-Origin: https://trusted.example.com
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Credentials: true
Insecure Settings Example
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Credentials: true
Note: browsers refuse to expose a credentialed response when Access-Control-Allow-Origin is *, so this exact combination fails closed; the variant to watch for in practice is a server that copies the request's Origin header into Access-Control-Allow-Origin for every origin while also sending Access-Control-Allow-Credentials: true, which gives any site access to the user's authenticated responses. Allow-lists should match the full origin exactly, and a per-request Allow-Origin value should be accompanied by Vary: Origin so shared caches do not serve one origin's response to another.
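As an added example (not part of the original page): a Python helper that emits the secure header set above from an explicit origin allowlist, and an audit function that flags the insecure combinations listed above. ALLOWED_ORIGINS, cors_headers and audit_cors are assumed names, and the allowlist is constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): exact scheme://host[:port] values only.
ALLOWED_ORIGINS = {"https://trusted.example.com"}


def normalize_origin(origin):
    """Return scheme://host[:port] in lowercase, or None if Origin is malformed."""
    p = urlsplit(origin)
    if p.scheme not in ("http", "https") or not p.netloc or p.path or p.query or p.fragment:
        return None
    return f"{p.scheme}://{p.netloc}".lower()


def cors_headers(request_origin, allowed=ALLOWED_ORIGINS, credentials=True):
    """Headers to add for a request from request_origin, or {} to send none.

    The origin is compared exactly against the allowlist (never a prefix or
    substring test), and Vary: Origin is always sent so shared caches do not
    serve one origin's response to another.
    """
    origin = normalize_origin(request_origin or "")
    if origin is None or origin not in allowed:
        return {}  # no CORS headers: the browser withholds the response body
    headers = {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Methods": "GET, POST, OPTIONS",
        "Access-Control-Allow-Headers": "Content-Type, Authorization",
        "Vary": "Origin",
    }
    if credentials:
        headers["Access-Control-Allow-Credentials"] = "true"
    return headers


def audit_cors(headers, request_origin=None, allowed=ALLOWED_ORIGINS):
    """Return a list of findings for insecure CORS header combinations."""
    findings = []
    acao = headers.get("Access-Control-Allow-Origin", "")
    creds = headers.get("Access-Control-Allow-Credentials", "").lower() == "true"
    if acao == "*" and creds:
        findings.append("wildcard origin with credentials: browsers reject it, and it signals an unsafe policy")
    if acao == "null":
        findings.append("'null' origin allowed: sandboxed iframes and local files send it")
    if creds and request_origin and acao == request_origin and request_origin not in allowed:
        findings.append("request Origin reflected with credentials for a non-allowlisted origin")
    for name in ("Access-Control-Allow-Methods", "Access-Control-Allow-Headers"):
        if headers.get(name) == "*" and creds:
            findings.append(f"{name}: * with credentials (treated literally, not as a wildcard)")
    return findings
```

Feed audit_cors the response headers of a live endpoint together with the Origin value that was sent to see which of the patterns above it matches.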