CORS

acronym

web devsecurity

Stands for: Cross-Origin Resource Sharing

The browser mechanism that decides whether a web page may make requests to a different origin.

By default the same-origin policy blocks a page on one site from reading responses from another; Cross-Origin Resource Sharing is how a server opts to allow specific cross-origin access. Misunderstanding it is behind a large share of "blocked by CORS" developer headaches.

Also known as: cors, cross-origin resource sharing, same-origin policy

All glossary entries