CORS stands for cross-origin resource sharing.
CORS is a part of HTTP that permits a server to designate other hosts from which a browser should allow the loading of content.
Put another way, CORS allows a website on one URL to request data from a different URL.
An Example:
A browser makes a request and adds an Origin header to the request message.
One of two things could now happen:
The request could go to a server on the same origin. If this occurs, it is allowed by the browser. This is due to the same-origin policy. Two URLs are considered to have the same origin if the protocol, port (if included), and host are the same.
If instead that same request goes to a server on a different origin, then things play out a bit differently. A request that goes to a different origin is known as a cross-origin request. When one website creates a response to a request sent from another website, it may include an Access-Control-Allow-Origin header. This header is then used to determine what the permitted origin of a request may be. If the request's Origin header and the response's Access-Control-Allow-Origin header match, then access is not blocked.
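
The two outcomes above can be modeled in a few lines of JavaScript. This is an added example, not code from the original page: the function names and the .example URLs are constructed for illustration, and it goes slightly beyond the text by also handling the wildcard value "*", which browsers accept only for requests sent without credentials.

```javascript
// Added example: models the browser-side decision described above.
// All URLs used with these functions are constructed sample values.

// Two URLs share an origin when protocol, host and port all match.
// The URL parser normalizes default ports, so an explicit :443 on
// https (or :80 on http) compares equal to no port at all.
function sameOrigin(a, b) {
  const ua = new URL(a);
  const ub = new URL(b);
  return ua.protocol === ub.protocol &&
         ua.hostname === ub.hostname &&
         ua.port === ub.port;
}

// Decide whether script running on pageUrl may read a response that
// came from requestUrl.
//   responseHeaders: plain object keyed by lowercase header name
//   withCredentials: true if cookies or HTTP auth were sent
function mayReadResponse(pageUrl, requestUrl, responseHeaders, withCredentials = false) {
  // Case 1: same origin, allowed by the same-origin policy.
  if (sameOrigin(pageUrl, requestUrl)) return true;

  // Case 2: cross-origin. The browser sent this value as the Origin header.
  const origin = new URL(pageUrl).origin;
  const acao = responseHeaders["access-control-allow-origin"];

  // No Access-Control-Allow-Origin header at all: the read is blocked.
  if (acao === undefined) return false;

  // Wildcard is honored only for requests without credentials.
  if (acao === "*") return !withCredentials;

  // Otherwise the header must equal the origin exactly: a different
  // scheme, a different port or a trailing slash is a mismatch.
  return acao === origin;
}
```

A header value of https://app.example/ (with a trailing slash) or http://app.example (wrong scheme) does not match an Origin of https://app.example, which is a common reason a correctly intended CORS configuration still fails.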