Saturday, February 20, 2016

CORS for security

What is it? 

Cross-Origin Resource Sharing is a W3C spec that allows resource sharing across domains. Some resources are allowed to come from any domain, but web fonts and AJAX requests are limited to accessing the same domain as the parent web page. This presents a problem if an AJAX request from www.example1.com wants to request a resource from www.example2.com. In order to fulfill that request a CORS security header will have to be added to the response.

Why? 

All modern browsers implement the same-origin policy as a preventative measure to keep attackers from redirecting users to malicious websites. This is a bit unfortunate for development teams implementing APIs to be used across distributed environments. It can be perfectly valid for an API to serve AJAX requests to multiple domains. This is why the CORS spec was introduced and is necessary for teams with environments spanning multiple domains.

How to use it? 

To successfully serve a cross-origin request the server side must specify the Access-Control-Allow-Origin and Access-Control-Allow-Methods headers. The Allow-Origin header specifics the domains allowed to access the resource and the Allow-Methods specifies the HTTP methods allowed (GET, PUT, etc). To specify all origins allowed the Allow-Origin header could just specify '*'.
Posted by at
Labels:

9 comments:

  1. stevencombsJuly 28, 2020 at 1:30 AM

    This article has some vast and valuable information about this subject.
    san francisco social media agency

    ReplyDelete
  2. Brazilian knivesApril 8, 2021 at 2:09 AM

    Their quality deliverables set them up for potential future engagement.
    website and logo design company

    ReplyDelete
  3. Lauren ChevalierJune 29, 2021 at 7:32 AM

    I would highly recommend him and may maintain looking to him with regard to search engine optimization support.
    Bay Area web design firms

    ReplyDelete
  4. SplegalnurseAugust 16, 2021 at 4:31 AM

    You guys present there are performing an excellent job.
    branding consultancy

    ReplyDelete
  5. Mary SabatiniSeptember 6, 2021 at 6:19 AM

    Hey nice post man! Thanks for incredible info.
    brand positioning firm

    ReplyDelete
  6. Gary WhiteOctober 6, 2021 at 8:29 AM

    This short article posted only at the web site is truly good.
    Bay Area design firms

    ReplyDelete
  7. Gary WhiteNovember 4, 2021 at 2:36 AM

    I hope you will share such type of impressive contents again with us so that we can utilize it and get more advantage.
    user experience design agency

    ReplyDelete
  8. Jonn WarneDecember 11, 2021 at 4:20 AM

    Thanks for letting us know about it, these information are really awesome. You can also check out whatsapp lite apk it will provide you complete apk file with unlock features.

    ReplyDelete
  9. keven johnNovember 21, 2024 at 5:37 AM

    Most people have heard of CORS which stands for Cross-Origin Resource Sharing and this serves a critical purpose in improving web security by controlling how resources are shared across domains. Because only specific domains of a computer system are granted access to confidential information, risks are minimised. The students who are conducting tech related assignments can take the help of a cheap assignment writing service to provide an organized format of the findings.

    ReplyDelete

Subscribe to: Post Comments (Atom)