Security

avatar
Created by
RetailTortoise38285

Cards (3)

  • Cross-Origin Resource Sharing (CORS)
    • Cross-Origin Resource Sharing (CORS) is an HTTP-header based mechanism that allows a server to indicate any origins (domain, scheme, or port) other than its own from which a browser should permit loading resources. CORS also relies on a mechanism by which browsers make a "preflight" request to the server hosting the cross-origin resource, in order to check that the server will permit the actual request. In that preflight, the browser sends headers that indicate the HTTP method and headers that will be used in the actual request.
  • Cross-Origin Resource Sharing (CORS)
    • An example of a cross-origin request: the front-end JavaScript code served from https://domain-a.com uses fetch() to make a request for https://domain-b.com/data.json.
    • For security reasons, browsers restrict cross-origin HTTP requests initiated from scripts. For example, fetch() and XMLHttpRequest follow the same-origin policy. This means that a web application using those APIs can only request resources from the same origin the application was loaded from unless the response from other origins includes the right CORS headers.
  • What requests use CORS?
    This cross-origin sharing standard can enable cross-origin HTTP requests for:
    • Invocations of fetch() or XMLHttpRequest, as discussed above.
    • Web Fonts (for cross-domain font usage in @font-face within CSS), so that servers can deploy TrueType fonts that can only be loaded cross-origin and used by websites that are permitted to do so.
    • WebGL textures.
    • Images/video frames drawn to a canvas using drawImage().
    • CSS Shapes from images.