223 reads
Glossary of Security Terms: CORS
by Mozilla ContributorsAugust 19th, 2020
Too Long; Didn't Read
CORS (Cross-Origin Resource Sharing) is a system, consisting of transmitting HTTP headers, that determines whether browsers block frontend JavaScript code from accessing responses for cross-origin requests. CORS gives web servers the ability to say they want to opt into allowing cross-Origin access to their resources. The same-origin security policy forbids cross-origest access to resources. Mozilla (stylized as moz://a) founded in 1998 by members of Netscape. by Mozilla Contributors.
CORS (Cross-Origin Resource Sharing) is a system, consisting of transmitting HTTP headers, that determines whether browsers block frontend JavaScript code from accessing responses for cross-origin requests.
The same-origin security policy forbids cross-origin access to resources. But CORS gives web servers the ability to say they want to opt into allowing cross-origin access to their resources.
Learn more
General knowledge
- Cross-Origin Resource Sharing (CORS) on MDN
- Cross-origin resource sharing on Wikipedia
CORS headers
Indicates whether the response can be shared.
Access-Control-Allow-Credentials
Indicates whether or not the response to the request can be exposed when the credentials flag is true.
Used in response to a preflight request to indicate which HTTP headers can be used when making the actual request.
Specifies the method or methods allowed when accessing the resource in response to a preflight request.
Indicates which headers can be exposed as part of the response by listing their names.
Indicates how long the results of a preflight request can be cached.
Access-Control-Request-Headers
Used when issuing a preflight request to let the server know which HTTP headers will be used when the actual request is made.
Used when issuing a preflight request to let the server know which HTTP method will be used when the actual request is made.
Indicates where a fetch originates from.
Technical reference
View Previous Terms:
- Block cipher mode of operation
- Certificate authority
- Challenge-response authen tication
- Cipher
- Cipher suite
- Ciphertext
- CORS-safelisted request header
- CORS-safelisted response header
- Cross-site scripting
- Cryptanalysis
- Cryptographic hash function
- Cryptography
- CSP
- CSRF
- Decryption
- Digital certificate
- DTLS (Datagram Transport Layer Security)
- Encryption
- Forbidden header name
- Forbidden response header name
- Hash
- HMAC
- HPKP
- HSTS
- HTTPS
- Key
- MitM
- OWASP
- Preflight request
- Public-key cryptography
- Reporting directive
- Robots.txt
- Same-origin policy
- Session Hijacking
- SQL Injection
- Symmetric-key cryptography
- TOFU
- Transport Layer Security (TLS)
Credits
- Source: https://developer.mozilla.org/en-US/docs/Glossary/CORS
- Published under Open CC Attribution ShareAlike 3.0 license
L O A D I N G
. . . comments & more!
. . . comments & more!
About Author
TOPICS
THIS ARTICLE WAS FEATURED IN...
RELATED STORIES
10 Cool CI/CD Tools For Your Project #devops
Jun 28, 2020
27 Stories To Learn About Ssl #ssl
Jun 08, 2023
