Cross-origin resource sharing (CORS)
Cross-origin resource sharing (CORS) is a mechanism that allows restricted resources on a web page to be accessed from another domain outside the domain from which the first resource was served. CORS also relies on a mechanism by which browsers make a "preflight" request to the server hosting the cross-origin resource, in order to check that the server will permit the actual request. In that preflight, the browser sends headers that indicate the HTTP method and headers that will be used in the actual request. For security reasons, browsers restrict cross-origin HTTP requests initiated from scripts. For example, fetch()
and XMLHttpRequest
follow the same-origin policy. This means that a web application using those APIs can only request resources from the same origin the application was loaded from unless the response from other origins includes the right CORS headers.
Resource types
- Invocations of
fetch()
orXMLHttpRequest
- Web Fonts (for cross-domain font usage in
@font-face
within CSS), so that servers can deploy TrueType fonts that can only be loaded cross-origin and used by websites that are permitted to do so
- WebGL textures
- Images/video frames drawn to a canvas using
drawImage()
- CSS shapes from images
- scripts
- iframes
Here are 2,916 public repositories matching this topic...
🔋 Starter project for an ES6 RESTful Express API.
-
Updated
Mar 25, 2023 - JavaScript
CORS "anywhere" proxy in a Cloudflare worker. DEMO at: https://test.cors.workers.dev/
-
Updated
May 24, 2024 - JavaScript
A collection of simple demos of CORS
-
Updated
Mar 28, 2024 - JavaScript
Wormhole — it's better EventEmitter for communication between tabs with supporting Master/Slave.
-
Updated
Jun 27, 2023 - JavaScript
Cloudflare Workers
-
Updated
Jan 31, 2024 - JavaScript
CORS compliant API to access Instagram's public data
-
Updated
Apr 24, 2018 - JavaScript
Mike North's Web Security Course
-
Updated
Jun 4, 2024 - JavaScript
Ecommerce application back-end codes
-
Updated
Dec 22, 2022 - JavaScript
A CORS proxy in a container (Docker) for when you need to `Access-Control-Allow-Origin: *`!
-
Updated
Jan 23, 2023 - JavaScript
Create React + Redux app structure with build configurations ✨
-
Updated
Feb 27, 2023 - JavaScript
A lightweight JavaScript CORS Reverse Proxy designed to run in a Cloudflare Worker.
-
Updated
Sep 13, 2020 - JavaScript
An awesome tour booking web app written in NodeJS, Express, MongoDB 🗽 (NB: This is es6 version but you can find the es5 version in 'es5-version' branch. And as it's free deployed server, could take few moments for first time rendering. Thank you)
-
Updated
Nov 23, 2023 - JavaScript
A delightful way to building a Node.js RESTful API Services with beautiful code written in Vanilla Javascript
-
Updated
Dec 6, 2021 - JavaScript
MERN Employee Payroll Management (My SQL, Express, React & Nodejs)
-
Updated
Jun 18, 2024 - JavaScript
Created by WHATWG, Matt Oshry, Brad Porter, Michael Bodell, Tellme Networks
Released May 2006
- Followers
- 12 followers
- Website
- fetch.spec.whatwg.org/#http-cors-protocol
- Wikipedia
- Wikipedia