Cross-Origin Resource Sharing (CORS)

wikipedia:Cross-Origin Resource Sharing is a mechanism that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served.

Example:

[
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "PUT",
            "POST"
        ],
        "AllowedOrigins": [
            "*"
        ],
        "ExposeHeaders": [],
        "MaxAgeSeconds": 3000
    }
]

[
   {
       "AllowedHeaders": [
           "*"
       ],
       "AllowedMethods": [
           "PUT",
           "POST",
           "GET",
           "DELETE"
       ],
       "AllowedOrigins": [
           "*"
       ],
       "ExposeHeaders": [
           "ETag"
       ],
       "MaxAgeSeconds": 3000
   }
]

Errors[edit]

• has been blocked by CORS policy

Related terms[edit]

• AWS API Gateway
• HSTS
• Tellme Networks
• Caddyfile
• gsutil cors
• Terraform resource: aws cloudfront origin access control
• CORS (golang)
• geth --http --http.corsdomain

See also[edit]

• Template:HTTP methods
• CSRF, CORS, XSRF
• W3C, CORS
• CORS, HSTS, Access-Control-Allow-Origin, Enabling CORS for a REST API resource, Lighthouse bn --http --http-allow-origin, Caddyfile, gsutil cors, cors_rule, aws_s3_bucket_cors_configuration, geth --http.corsdomain, Preflighted requests, CORS (golang)