CORS

Definition

Cross-Origin Resource Sharing: a mechanism that allows web pages to access resources from other domains, enhancing web application functionality.

Frequently Asked Questions

What's the difference between CORS and the Same-Origin Policy (SOP)?
The Same-Origin Policy is the browser’s default rule that blocks a web page from reading responses from a different origin (scheme + host + port). CORS is the standard way for a server to explicitly relax that rule for specific origins by sending HTTP headers that tell the browser it’s allowed.

When should I use CORS?
Use CORS when a browser-based frontend (for example, https://app.example.com) needs to call an API or fetch resources hosted on a different origin (for example, https://api.example.com). Configure CORS on the API/resource server to allow only the specific origins, methods, and headers your app needs.

How much does CORS cost?
CORS itself is a free HTTP/browser standard—there’s no direct licensing cost. Indirect costs come from the infrastructure serving requests (API gateway, load balancer, CDN, object storage) and from extra CORS preflight (OPTIONS) requests that can increase request volume and latency, which may affect usage-based cloud billing.
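
An added example, not from the original page: the allow-list configuration described under "When should I use CORS?", including preflight (OPTIONS) handling, next to a weak origin-reflecting setting for contrast. The `POLICY` values, the function names and the sample origins are assumptions for illustration.

```javascript
// Added example. POLICY, the function names and the origins are illustrative assumptions.
const POLICY = {
  origins: new Set(["https://app.example.com"]), // exact scheme + host + port
  methods: ["GET", "POST"],
  headers: ["content-type", "authorization"],
  maxAge: 600, // seconds the browser may cache a preflight result
};

// Weak setting, for contrast: echoes any Origin and allows credentials,
// so the Same-Origin Policy is effectively relaxed for every site.
function weakCorsHeaders(req) {
  return {
    "Access-Control-Allow-Origin": req.headers["origin"] || "*",
    "Access-Control-Allow-Credentials": "true",
  };
}

// Corrected setting: CORS response headers for one request.
// req is { method, headers } with lowercased header names, as Node's http module provides.
function corsHeaders(req, policy = POLICY) {
  const out = { Vary: "Origin" }; // caches must not reuse one origin's answer for another
  const origin = req.headers["origin"];
  // Exact match only: no substring, prefix or suffix tests on the origin string.
  if (!origin || !policy.origins.has(origin)) return out; // browser blocks the read

  const wantMethod = req.headers["access-control-request-method"];
  if (req.method === "OPTIONS" && wantMethod) { // preflight
    const wantHeaders = (req.headers["access-control-request-headers"] || "")
      .split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);
    const ok = policy.methods.includes(wantMethod) &&
      wantHeaders.every((name) => policy.headers.includes(name));
    if (!ok) return out; // failed preflight: the browser never sends the real request
    out["Access-Control-Allow-Methods"] = policy.methods.join(", ");
    out["Access-Control-Allow-Headers"] = policy.headers.join(", ");
    out["Access-Control-Max-Age"] = String(policy.maxAge);
  }
  out["Access-Control-Allow-Origin"] = origin;
  return out;
}

// Constructed sample requests.
const lookalike = { method: "GET", headers: { origin: "https://app.example.com.evil.example" } };
const preflight = { method: "OPTIONS", headers: {
  origin: "https://app.example.com",
  "access-control-request-method": "POST",
  "access-control-request-headers": "Content-Type",
} };
console.log(weakCorsHeaders(lookalike)); // reflects the lookalike origin
console.log(corsHeaders(lookalike));     // only Vary: no Allow-Origin
console.log(corsHeaders(preflight));     // allow-listed origin, methods, headers, max-age
```

The `Access-Control-Max-Age` value lets the browser cache a successful preflight, which reduces the extra OPTIONS traffic mentioned under "How much does CORS cost?".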

Category: security

Difficulty: intermediate
