Shih-Min Lee's Personal website

Understanding CORS

Same-origin policy

A browser only lets a script access data on a domain if that domain name (or IP address) is the same as the domain name of the page currently loaded in the browser. This is an important concept for website security: it prevents websites from stealing your login session or cookies and acting on your behalf.
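The check described above can be reproduced with the standard `URL` parser. This is an added example, not code from the original post; it goes slightly beyond the paragraph in that browsers compare the scheme and port as well as the host name. The function names and URLs are constructed for illustration.

```javascript
// Added example: compare two URLs the way the same-origin policy does.
// An origin is the (scheme, host, port) triple of a URL.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

function originTuple(rawUrl) {
  const u = new URL(rawUrl);
  // Schemes such as data: or file: have an opaque origin that matches nothing.
  if (!(u.protocol in DEFAULT_PORTS)) return null;
  return {
    scheme: u.protocol,
    host: u.hostname, // lower-cased by the URL parser
    port: u.port || DEFAULT_PORTS[u.protocol], // empty string means default port
  };
}

function compareOrigins(pageUrl, targetUrl) {
  const a = originTuple(pageUrl);
  const b = originTuple(targetUrl);
  if (a === null || b === null) {
    return { sameOrigin: false, differs: ["opaque origin"] };
  }
  // List every component that differs so the reason for a block is visible.
  const differs = ["scheme", "host", "port"].filter((k) => a[k] !== b[k]);
  return { sameOrigin: differs.length === 0, differs };
}

// Constructed sample URLs (example.com and 203.0.113.10 are documentation values).
const page = "https://shop.example.com/cart";
const targets = [
  "https://shop.example.com:443/api", // same origin: 443 is the https default
  "http://shop.example.com/api",      // scheme and port differ
  "https://api.example.com/",         // host differs (a subdomain is another host)
  "https://203.0.113.10/cart",        // an IP address is a different host than the name
  "https://shop.example.com:8443/",   // port differs
  "data:text/html,hi",                // opaque origin
];

for (const t of targets) {
  const r = compareOrigins(page, t);
  console.log(t, "=>", r.sameOrigin ? "same origin" : "cross-origin: " + r.differs.join(", "));
}
```
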

What is CORS

CORS (cross-site request forgery) is a form of malicious exploit of a website where the requests are sent without the users’ knowledge.

Example form of attack

CORS Pre-flight

references:

01 Dec 2016