CORS: Difference between revisions
From Rice Wiki
(Created page with "= Sources = * [https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS Cross-Origin Resource Sharing (CORS) - HTTP | MDN] = Same-origin policy = Before talking about CORS, we must first understand a security mechanism called the '''same-origin policy'''. This policy restricts how a document or script loaded by one origin can interact with a resource from another origin. This isolates potentially malicious documents. Consider a hacker website with a script that requests...") |
|||
Line 9: | Line 9: | ||
==== Define. Origin ==== | ==== Define. Origin ==== | ||
Two URLs have the same ''origin'' if they have the same protocol, port, and host. | |||
= | = What is CORS = | ||
'''Cross-Origin Resource Sharing''' (CORS) allows server | '''Cross-Origin Resource Sharing''' (CORS) allows server |
Revision as of 00:45, 3 March 2024
Sources
Same-origin policy
Before talking about CORS, we must first understand a security mechanism called the same-origin policy. This policy restricts how a document or script loaded by one origin can interact with a resource from another origin.
This isolates potentially malicious documents. Consider a hacker website with a script that requests resources from our server. Since the hacker website does not have the same origin as us, they can't access our website by the same-origin policy.
Define. Origin
Two URLs have the same origin if they have the same protocol, port, and host.
What is CORS
Cross-Origin Resource Sharing (CORS) allows server