DEV Community

Shihabudheen US

CORS in short

What is CORS ❓

CORS is a mechanism for accessing resources 📁 that the client 🌐 is forbidden 🚫 from using by default. The same-origin policy ensures that clients can only access resources in their own domain. That means if I am a client with the domain xyz.com, I can only access resources in the domain xyz.com. If I try to access something from lmn.com, it will be blocked 🚫 by the browser.


Why CORS❔

The CORS mechanism in the browser lets us use resources available in a different domain. Every CORS-enabled ✅ request carries an Origin header added by the browser. The response sent from the server 🗄️ includes an Access-Control-Allow-Origin header, which states the origins that can use that response. The browser checks 🔍 whether the requesting origin matches the allowed ones. If it matches, the client can consume the response. Otherwise, the browser throws a CORS error ⛔.

One point to understand is that CORS only applies to clients like browsers. It does not come into the picture when requests are made with cURL or Postman.

The same-origin policy is beneficial 👌 because it prevents 🚫 malicious 🦠 websites and servers from accessing our data. As I said, for a resource to be accessible, it should either be in the same origin or be whitelisted 📄 by the server.
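The Origin / Access-Control-Allow-Origin exchange described above, as an added example that is not part of the original post. It sketches both sides: a server that whitelists origins by exact match, and a simplified version of the browser's check (preflight and credentials are left out). The function names and the allowlist entries are assumptions made for illustration.

```javascript
// Constructed allowlist: the origins this server is willing to share responses with.
const ALLOWED_ORIGINS = new Set(["https://xyz.com", "https://app.xyz.com"]);

// Server side: build the CORS response headers for the Origin header of a request.
function corsHeadersFor(originHeader, allowed = ALLOWED_ORIGINS) {
  // Vary: Origin stops a shared cache from replaying one origin's grant to another.
  const headers = { Vary: "Origin" };
  if (typeof originHeader !== "string") return headers; // no Origin header sent
  let parsed;
  try {
    parsed = new URL(originHeader);
  } catch {
    return headers; // malformed value or the literal "null" origin: no grant
  }
  // Exact match only: the value must already be in canonical scheme://host[:port]
  // form and be present in the allowlist. No substring or suffix matching.
  if (parsed.origin === originHeader && allowed.has(originHeader)) {
    headers["Access-Control-Allow-Origin"] = originHeader;
  }
  return headers;
}

// Browser side (simplified): may a page at pageOrigin read this response?
function browserAllowsRead(pageOrigin, resourceUrl, responseHeaders) {
  // Same origin: the same-origin policy is satisfied, CORS is not consulted.
  if (new URL(resourceUrl).origin === pageOrigin) return true;
  const granted = responseHeaders["Access-Control-Allow-Origin"];
  return granted === "*" || granted === pageOrigin;
}

// Walk through the cases from the article using constructed origins.
const resource = "https://xyz.com/api/profile";
for (const page of ["https://xyz.com", "https://app.xyz.com", "https://lmn.com"]) {
  const responseHeaders = corsHeadersFor(page);
  const verdict = browserAllowsRead(page, resource, responseHeaders);
  console.log(page, "->", verdict ? "response readable" : "CORS error");
}
```

A request without an Origin header still receives the response body from this server, since the check that blocks reading happens in the browser.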
