Posts tagged with cors
CORS? Of Course!
For those unfamiliar with CORS, it’s a way of precisely defining who and how a remote origin may invoke an API’s resources. Generally, due to the same-origin policy, a web browser will only allow the invocation of resources that reside on the same origin as the requesting page. This mitigates a range of malicious script attacks by preventing interaction with remote resources.
However, if we want our resource to be callable by some (or all) other origins, then we need to define a CORS policy which lets user agent know what’s allowed.