Blog Single

Applications
Introduction to Cross-Origin Resource Sharing (CORS)
/ Simeon Bala / 0 Comments

Introduction to Cross-Origin Resource Sharing (CORS)

Table of Contents:

Introduction to Cross-Origin Resource Sharing (CORS)

Have you ever wondered how websites can securely access information from other websites? Cross-Origin Resource Sharing, often called CORS, is a foundation of web development. It lets web pages ask for items from a source (domain, scheme, or port) different from where the web page started. It is important for today’s web applications because it allows controlled, safe exchanges between varied domains, lowering the chance of security troubles like cross-site request forgery (CSRF) and unapproved application access.

Background: Same-Origin Policy

Before we explore CORS, it’s important for you to understand the Same-Origin Policy. It’s a security feature made by web browsers. This policy stops web pages from requesting from a source different from where they were loaded. This restriction is there to stop bad scripts from making unwanted requests on behalf of you, the user.

How CORS Works

CORS functions with HTTP headers and a system where browsers make a “preflight” request to the server hosting the cross-origin resource. This preflight request checks if the server approves the actual request by sending headers. These headers show the HTTP method and headers that will be used in the request. Here’s how CORS works, step by step:

  • Request Start – A web page from one place (like `https://domain-a.com`) tries to ask for something from another place (like `https://domain-b.com/data.json`) using tools such as `fetch()` or `XMLHttpRequest`.
  • Preflight Request – If the request is not basic (it uses methods other than GET, HEAD, or POST, it adds special headers), the browser sends a preflight request to the server. It is an OPTIONS request that adds headers, like `Access-Control-Request-Method` together with `Access-Control-Request-Headers`, to tell the server about the actual request that will be made.
  • Server Response – The server answers the preflight request with headers. These headers show if the actual request is allowed. Important headers include:
    • Access-Control-Allow-Origin – This names the sources allowed to reach the resource. It can be a certain domain, or `*` to allow every domain.
    • Access-Control-Allow-Methods – This lists the HTTP methods allowed for the request.
    • Access-Control-Allow-Headers – This names the headers that you can add to the request.
  • Actual Request – If the server allows the request, the browser makes the real request. If not, the browser blocks the request and sends an error to the web page.

Why is CORS Important?

These are some reasons why CORS is an important tool for developers:

  • Security – CORS is controlled by the browser, not the server. It helps stop unauthorized access or CSRF attacks by only allowing approved cross-origin requests.
  • Flexibility – CORS lets servers name what domains are allowed to access their resources, so it offers varied controls for managing cross-origin actions.
  • Use Cases – CORS is important when resources are needed from different domains. For example, if web applications use APIs from other domains or when loading resources like web fonts from outside sources.

CORS in Real Life

CORS sees frequent use in many web development situations:

  • API Integration – When APIs from various domains are included into a web application, CORS headers must be correctly set for cross-origin requests to be permitted.
  • Static Website Hosting – Services like Amazon S3 use CORS to permit static websites hosted on S3 to make requests to the same bucket using the S3 API.
  • Web Fonts plus Resources – Pulling web fonts, maybe some other resources, from outside domains requires CORS settings. This makes sure browsers are able to reach these resources safely.

Conclusion

Cross-Origin Resource Sharing (CORS) is a main part of today’s web development. It lets secure and controlled actions between different domains. By learning how CORS functions, including its role in stopping unwanted access, you, as a developer, have the ability to build stronger, more safe web applications. As web technologies keep growing, CORS will remain a core part of keeping cross-origin requests safe and secure.

FAQ

What is a “same-origin”?

A “same-origin” means that the protocol (like HTTP or HTTPS), the domain (like example.com), with the port (like 80 or 443) are the same.

Why do I need CORS?

You need CORS to allow a website from one origin to access resources from a different origin securely. Without CORS, the browser’s Same-Origin Policy prevents such requests.

What happens if CORS is not configured correctly?

If CORS isn’t set up properly, your browser blocks cross-origin requests, generating errors in your web applications.

Is CORS a foolproof security measure?

CORS adds a very useful degree of security. Even so, it isn’t a perfect wall. Ensure you implement other security best practices.

Resources & References:

  1. https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CORS
  2. https://konghq.com/blog/learning-center/what-is-cors-cross-origin-resource-sharing
  3. https://www.moesif.com/blog/technical/api-development/What-is-CORS-Essential-Guide-to-Cross-Origin-Resource-Sharing/
  4. https://docs.aws.amazon.com/AmazonS3/latest/userguide/cors.html
  5. https://blog.sucuri.net/2024/06/cross-origin-resource-sharing.html

Author

Simeon Bala

An Information technology (IT) professional who is passionate about technology and building Inspiring the company’s people to love development, innovations, and client support through technology. With expertise in Quality/Process improvement and management, Risk Management. An outstanding customer service and management skills in resolving technical issues and educating end-users. An excellent team player making significant contributions to the team, and individual success, and mentoring. Background also includes experience with Virtualization, Cyber security and vulnerability assessment, Business intelligence, Search Engine Optimization, brand promotion, copywriting, strategic digital and social media marketing, computer networking, and software testing. Also keen about the financial, stock, and crypto market. With knowledge of technical analysis, value investing, and keep improving myself in all finance market spaces. Pioneer of the following platforms were I research and write on relevant topics. 1. https://publicopinion.org.ng 2. https://getdeals.com.ng 3. https://tradea.com.ng 4. https://9jaoncloud.com.ng Simeon Bala is an excellent problem solver with strong communication and interpersonal skills.

Related Posts

Business Growth Accelerators: A Comprehensive Guide
Applications
Business Growth Accelerators: A Comprehensive Guide
/ Simeon Bala / 0 Comments
What is an illegal Cross-Origin request
Applications
What is an illegal Cross-Origin request
/ Simeon Bala / 0 Comments

Leave a comment

Your email address will not be published. Required fields are marked *