What is CORS?
CORS is a mechanism that lets a client access resources that are forbidden to it by default. Browsers enforce a same-origin policy, which ensures a page can only read resources from its own origin. That means if I am a page on the domain xyz.com, I can only read resources from xyz.com. If I try to read something from lmn.com, the browser will block it.
Why CORS?
The CORS mechanism in the browser lets us use resources that live in a different domain. With every cross-origin request, the browser adds an Origin header. In the response sent from the server there is an Access-Control-Allow-Origin header, which names the origin(s) that are allowed to use that response. The browser checks whether the page's origin matches the allowed one. If it matches, the response can be consumed by the client; otherwise the browser throws a CORS error.
One point to understand is that CORS only applies to clients like browsers. It does not come into the picture when requests are made with cURL or Postman: those tools receive the response regardless of the CORS headers.
The same-origin policy is beneficial because it prevents malicious websites and servers from reading our data. As mentioned above, for a resource to be readable it must either be in the same origin or be whitelisted by the server.
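The exchange described above, as an added example that is not part of the original post. It simulates both sides of the handshake in plain JavaScript: a server that answers a cross-origin request using an assumed allow list (ALLOWED_ORIGINS is a constructed example value), and the browser-side check that compares the page's origin with the Access-Control-Allow-Origin header. A non-browser client (such as cURL) is modelled too, to show that it simply receives the body.

```javascript
// Added example, not code from the original post.
// ALLOWED_ORIGINS is a constructed allow list for the simulated server.
const ALLOWED_ORIGINS = new Set(["https://xyz.com", "https://app.xyz.com"]);

// Server side: answer a request that carries an Origin header.
// The origin is echoed back only if it is on the allow list; otherwise the
// Access-Control-Allow-Origin header is omitted entirely. Note that the body
// is sent in both cases: the header only tells the browser who may read it.
function handleRequest(requestOrigin) {
  const headers = { "Content-Type": "application/json" };
  if (requestOrigin && ALLOWED_ORIGINS.has(requestOrigin)) {
    headers["Access-Control-Allow-Origin"] = requestOrigin;
    // Vary: Origin so a shared cache never serves one origin's header to another.
    headers["Vary"] = "Origin";
  }
  // Constructed sample resource standing in for real data.
  const body = JSON.stringify({ account: "xyz-123", balance: 42 });
  return { status: 200, headers, body };
}

// Browser side: decide whether script running on pageOrigin may read the response.
// Returns the body when allowed and null when a real browser would raise a CORS error.
// The wildcard "*" allows any origin, but only for requests made without credentials.
function browserRead(pageOrigin, response, withCredentials = false) {
  const allow = response.headers["Access-Control-Allow-Origin"];
  if (allow === undefined) return null;          // header missing: blocked
  if (allow === "*") return withCredentials ? null : response.body;
  return allow === pageOrigin ? response.body : null;
}

// Full round trip as seen from a page: the browser adds the Origin header
// automatically, sends the request, then applies the check above.
function crossOriginFetch(pageOrigin, withCredentials = false) {
  const response = handleRequest(pageOrigin);
  return browserRead(pageOrigin, response, withCredentials);
}

// Non-browser client: cURL and Postman perform no such check.
function curlFetch(claimedOrigin) {
  return handleRequest(claimedOrigin).body;
}

// Usage: a whitelisted page reads the data, a foreign page gets a CORS error,
// and cURL gets the body either way.
console.log(crossOriginFetch("https://xyz.com"));   // body JSON
console.log(crossOriginFetch("https://lmn.com"));   // null (CORS error)
console.log(curlFetch("https://lmn.com"));          // body JSON
```

The server never reflects an arbitrary Origin value; it only echoes origins from the allow list, which is the part a defender should review when auditing a CORS configuration, together with the Vary: Origin header and the rule that a wildcard cannot be combined with credentials.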
