Full Stack

CORS, Cross-origin resource sharing first look

Let’s talk in this article about CORS. That’s cross-origin resource sharing. 

CORS : It’s a mechanism that’s baked into pretty much all modern browsers.
Scenario why we need the CORS :  Imagine this, let’s say you have a web page running on www.yourwebapp.com and that web page contains some JavaScript. If you try to load a resource via that JavaScript from any host that is not www.yourwebapp.com your browser will throw an error. So let’s say you have JavaScript that’s running on yourwebapp.com that needs to hit a RESTful resource on a different website, your browser will throw a fit. Even a sub domain like sub.yourwebapp.com will be treated like a stranger by the browser. Why? To protect browsers from malicious or compromised scripts. That JavaScript might not be accessing just any subdomain. It could be a criminal server for any number of malicious reasons. 

So CORS, or cross-origin resource sharing, is a way to allow legit, trusted JavaScript code to safely access remote hosts while keeping the bad guys at bay. At it’s core, CORS, unintended, is powered by passing around special HTTP headers.

Resources :

  • medium.com
  • lynda.com

Comment here