What is CORS?
Simply CORS is fetching resources from other application having a different origin than the client-side.
Who applies CORS?
Applying a CORS restriction is a security feature defined by a server and implemented by a browser.
How to know we are making a cross-origin-request?
First, we have to know what origin comprises of.
So when we make a request to an origin which differs in any of the above mentioned parameters then it is CORS.
So how it works:
- So when any application having endpoint
https://example.commakes a request to ahttps://example-server.combrowser embeds
in the request.
- When the server receives a request & if it wants to share its resources then it will add
- Along with that server also adds another field response.type of cors or opaque which can be useful to know if you don't have control over server side api.
- If a request is made for a resource on another origin which returns the CORS headers, then the type is cors.
- Opaque response is for a request made for a resource on a different origin that doesn't return CORS headers.
- When the browser receives a response if it finds the relevant Access-Control-Allow-Origin header, the browser allows the response data to be shared with the client site.
Thanks.
Top comments (0)