The name explains itself: Cross-Origin Resource Sharing (CORS) is an HTTP mechanism that allows resource sharing from one origin to another origin securely. It is a mechanism for relaxing the same-origin policy of modern internet browsers.

Two URLs are considered to have different origins when they have different protocols, ports (if specified), or hosts. For example, making a request from to is considered cross-origin as they have different hostnames.

Internet browsers follow the same-origin policy and restrict cross-origin HTTP requests initiated from scripts. This means that a website is only allowed to make requests to the same origin unless the response from other origins includes the right CORS headers (the CORS headers will be listed in the next section of this article). The same-origin policy is a security measure to prevent Cross-Site Request Forgery (CSRF). Without this policy, a malicious website would be able to read your sensitive information on another website by making an HTTP request to the website.

The same-origin policy only restricts on-page scripts from accessing data or posting data to a different origin. Other resources such as images and CSS are not restricted and can be accessed from other origins. To access data from other origins or post data to them, CORS is needed.
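A simplified model of the checks described above, as an added example that is not from the original article: it compares origins by protocol, host and port, then decides whether a script may read a cross-origin response from the `Access-Control-Allow-Origin` and `Access-Control-Allow-Credentials` response headers. The `.example` URLs are constructed, the function names are hypothetical, and preflight requests are not modelled.

```javascript
// Added example: simplified model of the browser's same-origin and CORS read checks.
// Function names are hypothetical; URLs and header values used with them are constructed.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// An origin is the (scheme, host, port) tuple; an omitted port means the scheme default.
function originOf(url) {
  const u = new URL(url);
  return {
    scheme: u.protocol,
    host: u.hostname,
    port: u.port || DEFAULT_PORTS[u.protocol] || "",
  };
}

function isSameOrigin(a, b) {
  const x = originOf(a);
  const y = originOf(b);
  return x.scheme === y.scheme && x.host === y.host && x.port === y.port;
}

// Serialized form, as browsers send it in the Origin request header.
function serializeOrigin(url) {
  return new URL(url).origin;
}

// May a script running on pageUrl read the response fetched from targetUrl?
// responseHeaders is a plain object keyed by lowercase header name.
function mayReadResponse(pageUrl, targetUrl, responseHeaders, withCredentials = false) {
  if (isSameOrigin(pageUrl, targetUrl)) return true;  // same origin: CORS not involved
  const allow = responseHeaders["access-control-allow-origin"];
  if (allow === undefined) return false;               // server did not opt in
  if (allow === "*") return !withCredentials;          // wildcard is rejected for credentialed requests
  if (allow !== serializeOrigin(pageUrl)) return false; // exact match only, no prefix or suffix matching
  if (withCredentials) {
    return responseHeaders["access-control-allow-credentials"] === "true";
  }
  return true;
}
```
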