CORS

From Rice Wiki

Sources

Same-origin policy

Before talking about CORS, we must first understand a security mechanism called the same-origin policy. This policy restricts how a document or script loaded by one origin can interact with a resource from another origin.

Two URLs have the same origin if they have the same protocol, port, and host.

This isolates potentially malicious documents. Consider a hacker's website with a script that requests resources from our server. Because that website does not have the same origin as ours, the same-origin policy prevents its script from accessing our resources.

On the browser side, an HTTP header is attached to identify the origin. There is a series of steps to implement the same-origin policy on the server side. For more information, see the MDN article (for my use case, the Express cors module works fine).
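
As an added example (not from the original page, and not the Express cors module's code), the sketch below compares origins by protocol, host and port, then applies a server-side check of the browser-sent `Origin` header against an exact-match allowlist. The allowlist entries, function names, allowed methods and sample URLs are assumptions made for illustration.

```javascript
// Constructed allowlist for illustration; replace with your own front-end origins.
const ALLOWED_ORIGINS = ["https://app.example.com", "https://admin.example.com:8443"];

// Reduce a URL to its origin (protocol, host, port). The WHATWG URL parser
// lowercases the host and drops default ports (80 for http, 443 for https).
function originOf(url) {
  try {
    const u = new URL(url);
    if (u.protocol !== "http:" && u.protocol !== "https:") return null;
    return u.origin;
  } catch {
    return null; // missing or unparsable values (including "null") match nothing
  }
}

function sameOrigin(a, b) {
  const oa = originOf(a);
  return oa !== null && oa === originOf(b);
}

// Decide which CORS response headers to send. An empty object means no
// cross-origin access is granted, so the browser keeps blocking the caller.
function corsHeaders(method, reqHeaders, allowed = ALLOWED_ORIGINS) {
  const origin = originOf(reqHeaders["origin"] || "");
  // Compare the whole origin exactly; prefix or substring tests would also
  // accept look-alike hosts such as app.example.com.example.net.
  if (origin === null || !allowed.includes(origin)) return {};
  const headers = {
    "Access-Control-Allow-Origin": origin, // echo only the matched origin
    "Vary": "Origin", // caches must not reuse this response for other origins
  };
  if (method === "OPTIONS" && reqHeaders["access-control-request-method"]) {
    // Preflight request: state what the real request is allowed to use.
    headers["Access-Control-Allow-Methods"] = "GET, POST";
    headers["Access-Control-Allow-Headers"] = "Content-Type";
  }
  return headers;
}

// Constructed sample requests (Node lowercases incoming header names).
console.log(sameOrigin("http://example.com/a", "http://example.com:80/b"));
console.log(sameOrigin("http://example.com", "https://example.com"));
console.log(corsHeaders("GET", { origin: "https://app.example.com" }));
console.log(corsHeaders("GET", { origin: "https://app.example.com.example.net" }));
```

In a Node or Express handler, the returned object would be copied onto the response with `res.setHeader` before the body is sent.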

What is CORS

Cross-Origin Resource Sharing (CORS) allows server