CORS (Cross-Origin Resource Sharing)
- April 13, 2020
- Technical Information
Today I will talk about CORS, cross-origin resource sharing: what exactly it is and how we can handle it.
“CORS” stands for Cross-Origin Resource Sharing. It allows you to make requests from one website to another website in the browser, which is normally prohibited by another browser policy called the Same-Origin Policy (SOP).
You also have to know about SOP, the Same-Origin Policy. CORS and SOP are browser policies that were developed in response to security issues and browser vulnerabilities.
The browser-specific vulnerability that the Same-Origin Policy is intended to address is called “cross-site request forgery” (CSRF). The easy fix was for browsers to detect when a request is made from one website to another and prevent the response from being readable. This is the Same-Origin Policy.
Web servers that want to support CORS requests must respond to preflight requests with the following HTTP headers:
- Access-Control-Allow-Origin: the whitelisted origin, or “*”
- Access-Control-Allow-Methods: a comma-separated list of HTTP methods that the web server wants to allow for cross-origin requests
- Access-Control-Allow-Headers: a comma-separated list of HTTP headers that the web server wants to allow for cross-origin requests
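One way a server could build these three preflight response headers, as an added example that is not code from the original post. The allowlisted origins, methods and header names, and the function name `answerPreflight`, are assumptions made for illustration.

```javascript
// Constructed policy values (assumptions, not from the original post).
const POLICY = {
  origins: new Set(["https://app.example.com", "https://admin.example.com"]),
  methods: ["GET", "POST", "PUT"],
  headers: ["content-type", "authorization"],
};

// Decide how to answer a CORS preflight (OPTIONS) request.
// `reqHeaders` uses lower-case header names, as Node's http module supplies them.
function answerPreflight(reqHeaders, policy = POLICY) {
  const origin = reqHeaders["origin"];
  const method = reqHeaders["access-control-request-method"];
  // A preflight always carries Origin and Access-Control-Request-Method.
  if (!origin || !method) return { status: 400, headers: {} };

  // Exact match against the allowlist: no substring or prefix matching,
  // so a look-alike such as "https://app.example.com.evil.test" is refused.
  if (!policy.origins.has(origin)) return { status: 403, headers: {} };
  if (!policy.methods.includes(method)) return { status: 403, headers: {} };

  // Every header the browser asks to send must be on the allowlist.
  const requested = (reqHeaders["access-control-request-headers"] || "")
    .split(",")
    .map((h) => h.trim().toLowerCase())
    .filter(Boolean);
  if (!requested.every((h) => policy.headers.includes(h))) {
    return { status: 403, headers: {} };
  }

  return {
    status: 204,
    headers: {
      // Echo the single matching origin rather than "*".
      "Access-Control-Allow-Origin": origin,
      "Access-Control-Allow-Methods": policy.methods.join(", "),
      "Access-Control-Allow-Headers": policy.headers.join(", "),
      // The answer depends on Origin, so caches must key on it.
      "Vary": "Origin",
    },
  };
}

// Constructed sample preflight from an allowlisted origin.
console.log(answerPreflight({
  "origin": "https://app.example.com",
  "access-control-request-method": "PUT",
  "access-control-request-headers": "Content-Type, Authorization",
}));
```

A refused preflight carries none of the three headers, so the browser blocks the cross-origin request.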
By Yuuma.
yuuma at 2020-04-13 11:00:47