Konubinix' opinionated web of thoughts

Cross-Origin Resource Sharing


CORS (Cross-Origin Resource Sharing) is a system, consisting of transmitting HTTP headers, that determines whether browsers block frontend JavaScript code from accessing responses for cross-origin requests


preflight request

CORS preflight request is a CORS request that checks to see if the CORS protocol is understood and a server is aware using specific methods and headers


It is an OPTIONS request, using three HTTP request headers:

  1. Access-Control-Request-Method,
  2. Access-Control-Request-Headers,
  3. and the Origin header.


simple request

When providing the origin header, the server automatically returns the access-control-allow-XXXX headers and the browser won’t deal with the data in that case in the cors data is wrong.