Question 1

What's the difference between CORS and the Same-Origin Policy (SOP)?

Accepted Answer

The Same-Origin Policy is the browser’s default rule that blocks a web page from reading responses from a different origin (scheme + host + port). CORS is the standard way for a server to explicitly relax that rule for specific origins by sending HTTP headers that tell the browser it’s allowed.

Question 2

When should I use CORS?

Accepted Answer

Use CORS when a browser-based frontend (for example, https://app.example.com) needs to call an API or fetch resources hosted on a different origin (for example, https://api.example.com). Configure CORS on the API/resource server to allow only the specific origins, methods, and headers your app needs.

Question 3

How much does CORS cost?

Accepted Answer

CORS itself is a free HTTP/browser standard—there’s no direct licensing cost. Indirect costs come from the infrastructure serving requests (API gateway, load balancer, CDN, object storage) and from extra CORS preflight (OPTIONS) requests that can increase request volume and latency, which may affect usage-based cloud billing.

CORS

Definition

Real-World Example

Cloud Provider Equivalencies

Explore More Cloud Computing Terms