CORS - Cross-Origin Resource Sharing
What is CORS?
It is a protocol that lets browsers allow the currently running app to use resources from different origins.
It allows you to make requests from your website to other websites within the browser, which browsers do not allow by default because of a policy called the same-origin policy (SOP). The way SOP works is that once the browser detects that a request is being made to an external origin, it makes the response unreadable to the page that made the request.
Why is CORS needed?
CORS allows certain trusted origins to make requests. An origin here is the combination of the protocol (http or https), the host (the domain you are accessing) and the port. Browsers implementing CORS therefore include a header called "Origin" in the requests made.
One of the CORS headers is the Access-Control-Allow-Origin response header, which is used to determine which origin should be allowed. When defined as Access-Control-Allow-Origin: * it means that the browser should allow access from any origin. It can, however, be narrowed down to a given origin using
Access-Control-Allow-Origin: https://exampes.com, in which case the browser should only allow access from https://exampes.com.
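As an added example (not part of the original article), the JavaScript below shows one way a server could decide whether to send Access-Control-Allow-Origin for a specific origin, comparing protocol, host and port exactly. The allowlist TRUSTED_ORIGINS and the function names parseOrigin, sameOrigin and corsHeadersFor are assumptions made for this example.

```javascript
// Added example: choose CORS response headers from a request's Origin header.
// TRUSTED_ORIGINS is a constructed allowlist built around the origin used on this page.
const TRUSTED_ORIGINS = ["https://exampes.com", "https://app.exampes.com:8443"];

// Reduce an Origin value to protocol, host and port; return null if it is not a bare origin.
function parseOrigin(value) {
  if (typeof value !== "string" || value === "null") return null;
  let url;
  try {
    url = new URL(value);
  } catch (err) {
    return null; // not parseable as a URL
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return null;
  // An origin carries no credentials, path, query string or fragment.
  if (url.username || url.password || url.pathname !== "/" || url.search || url.hash) {
    return null;
  }
  return {
    protocol: url.protocol,
    host: url.hostname, // already lower-cased by the URL parser
    port: url.port || (url.protocol === "https:" ? "443" : "80"), // fill in the default port
    serialized: url.origin,
  };
}

// All three parts must match exactly; a substring or prefix match is not enough.
function sameOrigin(a, b) {
  return a.protocol === b.protocol && a.host === b.host && a.port === b.port;
}

function corsHeadersFor(requestOrigin, trusted = TRUSTED_ORIGINS) {
  // The response depends on the Origin header, so tell caches to key on it.
  const headers = { Vary: "Origin" };
  const asked = parseOrigin(requestOrigin);
  if (asked === null) return headers;
  const allowed = trusted
    .map(parseOrigin)
    .some((entry) => entry !== null && sameOrigin(entry, asked));
  // Echo the one matching origin rather than sending "*".
  if (allowed) headers["Access-Control-Allow-Origin"] = asked.serialized;
  return headers;
}
```

A request whose Origin is not on the allowlist gets no Access-Control-Allow-Origin header at all, so the browser keeps the response unreadable to the calling page.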
There are two types of CORS requests: simple requests and preflight requests.