Cross-Origin Resource Sharing (CORS) is a security protocol that allows web applications to securely access resources of other origin. This is possible by using additional HTTP headers to grant the browser permission to access these resources.
CORS Stages
Preliminary request. Before the main request, the browser sends a preflight research request to the server via the HTTP OPTIONS method. Its purpose is to ensure the security of the actual request.
CORS headers. The server responds with CORS headers, which determine which origin sites, HTTP methods, and headers are allowed in the actual request.
The actual request. If the preliminary check is successful, the browser proceeds to send the actual request with the relevant data.
Advantages of CORS
Safety. CORS ensures that sensitive data does not fall into the hands of malicious websites, thereby protecting the server and the client.
Flexibility. CORS allows developers to create dynamic and enriched websites through the safe use of resources of various origins.
Control. CORS determines which sites can interact with their owners’ servers and gives them a sense of control, allowing them to abandon the “single origin restriction“.
Application of CORS
Downloading fonts. When fonts from different sources are needed for a web page, the correct installation of CORS headers is of great importance.
API calls. CORS provides security and authorization of interaction when a web application makes API calls to the server from another source.
Getting the data. The correct implementation of CORS is crucial for single-page applications (SPA) that receive data from various sources.