
CORS (Cross-Origin Resource Sharing)

Cross-Origin Resource Sharing

A browser mechanism that restricts or allows data loading from different sites to keep things secure.

In Simple Terms

CORS is a mechanism that allows browsers to load data from a location other than the site currently being viewed. By default, browsers block this as a security measure — they won't freely load data from outside the current site. With CORS rules in place, you can selectively allow data exchange with specific trusted sources.

Behind the Name

CORS stands for Cross-Origin Resource Sharing — Cross (across), Origin (source or location), Resource (data and other assets), and Sharing (exchanging). It defines the rules browsers follow when exchanging data between different sites.

Take a Closer Look!

CORS is a mechanism that allows web browsers to safely load data from a different server.
Browsers enforce a fundamental rule: a page can only access data from its own origin. This prevents malicious sites from secretly stealing data from other sources.

This strict rule is called the Same-Origin Policy, but on its own, it creates problems when you want to use features or content from other sites.
With CORS, you can define rules upfront that create exceptions, selectively allowing data to be fetched from specific external origins.

In practice, the browser checks permission-related information during communication with the server.
When the browser sends a request, the server responds with a special header indicating that access from a particular site is permitted.
The browser then uses this header to decide whether it is safe to hand the data over to the requesting page.
For certain types of requests, the browser first sends a preliminary check — known as a preflight request — to ask whether access is allowed before proceeding.
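
The exchange described above, as an added example (not code from the original page): a simplified JavaScript model of the server's header decision and the browser's preflight and read decisions. The origins, the allowlist, and all function names are assumptions made for illustration; the header names and the simple-request lists follow the Fetch standard, minus its finer byte-level rules.

```javascript
// Server side: origins this hypothetical API trusts (constructed sample value).
const ALLOWED_ORIGINS = new Set(["https://app.example.com"]);

// Methods, headers and content types that keep a request "simple" (no preflight).
const SIMPLE_METHODS = new Set(["GET", "HEAD", "POST"]);
const SIMPLE_HEADERS = new Set(["accept", "accept-language", "content-language", "content-type"]);
const SIMPLE_CONTENT_TYPES = new Set([
  "application/x-www-form-urlencoded", "multipart/form-data", "text/plain"]);

// Browser side: must an OPTIONS preflight be sent before this cross-origin request?
function needsPreflight(method, headers = {}) {
  if (!SIMPLE_METHODS.has(method.toUpperCase())) return true;
  for (const [name, value] of Object.entries(headers)) {
    const n = name.toLowerCase();
    if (!SIMPLE_HEADERS.has(n)) return true; // custom header, e.g. Authorization
    if (n === "content-type" &&
        !SIMPLE_CONTENT_TYPES.has(value.split(";")[0].trim().toLowerCase())) return true;
  }
  return false;
}

// Server side: build the CORS response headers for the request's Origin header.
function corsResponseHeaders(origin) {
  if (!ALLOWED_ORIGINS.has(origin)) return {}; // no header: the browser blocks the read
  return {
    "Access-Control-Allow-Origin": origin,      // echo only allowlisted origins
    "Access-Control-Allow-Credentials": "true", // cookies allowed for this origin
    "Vary": "Origin",                           // caches must not reuse it for other origins
  };
}

// Browser side: may the page at `origin` read this response?
function browserAllowsRead(origin, responseHeaders, withCredentials = false) {
  const allow = responseHeaders["Access-Control-Allow-Origin"];
  if (allow === undefined) return false;
  if (withCredentials) {
    // With cookies attached, "*" is rejected: the exact origin and an explicit
    // Access-Control-Allow-Credentials: true are both required.
    return allow === origin &&
      responseHeaders["Access-Control-Allow-Credentials"] === "true";
  }
  return allow === "*" || allow === origin;
}
```

The allowlist lookup is an exact string match on the full origin; prefix or substring matching would let look-alike hostnames through.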

In short, CORS is a set of rules that lets browsers and servers verify whether the requesting party is authorized.
Thanks to this, information from various sites can be combined and used while keeping security intact.

Category: Web, Security