What is CORS?

Cross-Origin Resource Sharing (CORS) is a security feature implemented by web browsers that restricts web pages from making requests to a different domain than the one serving the page.

Preflight Requests

For certain cross-origin requests, browsers send a preflight OPTIONS request to check if the actual request is allowed.

CORS Headers

• Access-Control-Allow-Origin: Access-Control-Allow-Origin: Specifies which origins can access the resource
• Access-Control-Allow-Methods: Access-Control-Allow-Methods: Lists allowed HTTP methods
• Access-Control-Allow-Headers: Access-Control-Allow-Headers: Specifies allowed request headers
• Access-Control-Allow-Credentials: Access-Control-Allow-Credentials: Indicates if credentials can be included