Understanding CORS
Same-origin policy
A browser only lets a script access data when the domain name (or IP address) that data comes from is the same as the domain name of the page currently loaded in the browser. This is an important concept for website security: it prevents websites from stealing your login session or cookies and acting on your behalf.
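The same-origin comparison described above, as an added example that is not part of the original post. It goes beyond the domain-name check in the text: browsers treat two URLs as same-origin only when scheme, host and port all match. The function names and all URLs are constructed for illustration.

```javascript
// Added example: origin comparison as browsers define it (scheme + host + port).
// All URLs below are constructed sample values.

function originTuple(urlString) {
  const u = new URL(urlString);
  // Schemes such as data: or file: have an opaque origin; URL.origin reports "null".
  if (u.origin === "null") return null;
  // URL drops the default port (80 for http, 443 for https), so "" means "default".
  return { scheme: u.protocol, host: u.hostname, port: u.port };
}

function compareOrigins(a, b) {
  const oa = originTuple(a);
  const ob = originTuple(b);
  // An opaque origin never matches anything, not even an identical URL.
  if (oa === null || ob === null) return { sameOrigin: false, differs: ["opaque"] };
  const differs = ["scheme", "host", "port"].filter((k) => oa[k] !== ob[k]);
  return { sameOrigin: differs.length === 0, differs };
}

const page = "https://shop.example.com/account";
const samples = [
  "https://shop.example.com/api/orders", // same origin, different path
  "https://shop.example.com:443/api",    // explicit default port, still same origin
  "http://shop.example.com/api",         // scheme differs
  "https://api.example.com/orders",      // a subdomain is a different host
  "https://shop.example.com:8443/api",   // port differs
  "https://203.0.113.10/api",            // an IP address is not the same host as the name
  "data:text/html,<p>hi</p>",            // opaque origin
];
for (const target of samples) {
  const r = compareOrigins(page, target);
  console.log(`${r.sameOrigin ? "same " : "cross"}  ${target}  ${r.differs.join(",")}`);
}
```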
What is CORS
CORS (cross-site request forgery) is a form of malicious exploit of a website in which requests are sent without the user's knowledge.
Example form of attack
CORS Pre-flight
01 Dec 2016