CORS (EN)

Concept

Mechanism for cross-origin resource sharing for web applications

Definition

CORS (Cross-Origin Resource Sharing) is a mechanism that enables web applications to request resources from a different domain than their own. By setting HTTP headers such as Access-Control-Allow-Origin and Access-Control-Allow-Credentials, servers can allow or restrict cross-origin requests. CORS is important for the security and functionality of modern web applications.

Architecture

sequenceDiagram
    participant Client
    participant Server
    participant Browser

    Client->>Browser: Request to other domain
    Browser->>Server: OPTIONS Preflight Request
    Server-->>Browser: Access-Control-Allow-Origin: *
    Browser->>Server: Origin: client-domain.com
    Server-->>Browser: Access-Control-Allow-Origin: client-domain.com
    Browser->>Server: Actual Request
    Server-->>Browser: Response with CORS headers
    Browser->>Client: Data
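
The server side of the preflight and actual request described above, as an added example that is not part of the original page. The function name `corsHeaders`, the allowlist and the permitted methods and headers are assumptions chosen for illustration.

```javascript
// Added example; the allowlist, methods and headers are constructed sample values.
const ALLOWED_ORIGINS = new Set(["https://client-domain.com"]);
const ALLOWED_METHODS = ["GET", "POST"];
const ALLOWED_HEADERS = ["content-type", "authorization"];

// method: HTTP method; reqHeaders: request headers keyed by lower-case name.
// Returns { allowed, headers }: the CORS headers to attach to the response.
function corsHeaders(method, reqHeaders) {
  // Vary: Origin keeps shared caches from replaying one origin's grant to another.
  const deny = { allowed: false, headers: { Vary: "Origin" } };
  const origin = reqHeaders["origin"];

  // Exact string match against the allowlist: no substring or suffix checks,
  // and no echoing of whatever Origin the request carried.
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return deny;

  const headers = {
    Vary: "Origin",
    // A specific origin, not "*": browsers refuse "*" on credentialed requests.
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
  };

  // A preflight is an OPTIONS request carrying Access-Control-Request-Method.
  const wantedMethod = reqHeaders["access-control-request-method"];
  if (method === "OPTIONS" && wantedMethod !== undefined) {
    if (!ALLOWED_METHODS.includes(wantedMethod)) return deny;
    const wantedHeaders = (reqHeaders["access-control-request-headers"] || "")
      .split(",")
      .map((h) => h.trim().toLowerCase())
      .filter(Boolean);
    if (!wantedHeaders.every((h) => ALLOWED_HEADERS.includes(h))) return deny;
    headers["Access-Control-Allow-Methods"] = ALLOWED_METHODS.join(", ");
    headers["Access-Control-Allow-Headers"] = ALLOWED_HEADERS.join(", ");
    headers["Access-Control-Max-Age"] = "600"; // browser may cache the preflight for 10 minutes
  }
  return { allowed: true, headers };
}
```

A denied request gets no Access-Control-Allow-Origin header at all, so the browser withholds the response from the calling script; the server must still enforce its own authorization, because CORS only governs what the browser exposes.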

In Context

  • Typically used together with AJAX and Fetch API
  • Related to: Same-Origin Policy, JSONP, Proxy Server
  • Example use case: Frontend application retrieves data from an API on another domain
Source: AI Generated