juniorWeb Security
What is CORS?
Updated May 6, 2026
Short answer
CORS controls how resources are shared between different origins.
Deep explanation
Cross-Origin Resource Sharing defines headers allowing or blocking cross-origin requests. Browsers enforce SOP unless CORS headers permit access.
Real-world example
Frontend calling APIs hosted on different domains.
Common mistakes
- Using wildcard '*' in secure environments.
Follow-up questions
- What triggers a preflight request?
- Is CORS a server or browser feature?