Understanding CORS

Simply put, CORS (Cross-Origin Resource Sharing) is the mechanism for fetching resources from another application whose origin differs from that of the client-side page.

A CORS restriction is a security feature: the policy is defined by the server (through response headers) and enforced by the browser.

How do we know we are making a cross-origin request? First, we have to know what an origin comprises: the scheme, the host and the port of a URL (the figure that was here illustrated these three parts). So when we make a request to an origin that differs from the page's origin in any of these components, it is a cross-origin request.

So how does it work:

  1. When an application served from example.com makes a request to example-server.com, the browser embeds an Origin header carrying the page's origin in the request.
  2. When the server receives the request and wants to share its resources with that origin, it adds an Access-Control-Allow-Origin header to its response.
  3. The response is also tagged with a type (response.type) of cors or opaque:
    • If a request is made for a resource on another origin which returns the CORS headers, then the type is cors.
    • An opaque response is for a request made for a resource on a different origin that doesn't return CORS headers.
  4. When the browser receives the response, if it finds a matching Access-Control-Allow-Origin header, it allows the response data to be shared with the client site.
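The two checks described above, as an added example that is not part of the original article: how a browser compares origins (scheme, host, port) and how it decides, from the Access-Control-Allow-Origin header, whether a cross-origin response may be exposed to the page. The header objects and origins below are constructed sample values; the credentials rule (no wildcard on credentialed requests, and Access-Control-Allow-Credentials must be "true") goes slightly beyond the article but is standard browser behaviour.

```javascript
// Added example (not from the article): a model of the browser-side CORS check.
// An origin is scheme + host + port; two URLs are same-origin only if all three match.
function originOf(url) {
  // URL.origin serializes scheme://host[:port], omitting the scheme's default port.
  return new URL(url).origin;
}

function isSameOrigin(urlA, urlB) {
  return originOf(urlA) === originOf(urlB);
}

// Model of the browser's decision once a cross-origin response arrives.
// requestOrigin: the page's origin, which the browser sent in the Origin header.
// headers: the server's response headers (constructed sample, lower-cased keys).
// withCredentials: true when cookies or HTTP auth were attached to the request.
function corsDecision(requestOrigin, headers, withCredentials = false) {
  const acao = headers['access-control-allow-origin'];
  if (acao === undefined) {
    // No CORS headers at all: the page only ever sees an opaque response.
    return { type: 'opaque', shared: false };
  }
  if (withCredentials) {
    // Browsers refuse the wildcard on credentialed requests; the server must
    // echo the exact origin and also send Access-Control-Allow-Credentials: true.
    const allowCreds = headers['access-control-allow-credentials'] === 'true';
    if (acao === '*' || acao !== requestOrigin || !allowCreds) {
      return { type: 'error', shared: false };
    }
    return { type: 'cors', shared: true };
  }
  // The comparison is an exact string match against the serialized origin.
  if (acao === '*' || acao === requestOrigin) {
    return { type: 'cors', shared: true };
  }
  // Header present but not matching: fetch() rejects with a network error.
  return { type: 'error', shared: false };
}
```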

Thanks for reading this article.