Trusted answers to developer questions

Related Tags

http

What is the Access-Control-Allow-Origin response header?

Fahad Farid


The Access-Control-Allow-Origin response header indicates whether the response can be shared with requesting code from the given origin.

The header can take three values based on the case:

  1. Access-Control-Allow-Origin: \* For requests made without credentials, the value \* tells the browser to allow requesting code from any origin to access the resource.
  2. Access-Control-Allow-Origin: <origin> This specifies a single origin. A server that supports clients from multiple origins must return the origin of the client making the request.
  3. Access-Control-Allow-Origin: null This value should not be used. The origin of any resource that uses a non-hierarchical scheme, and of any sandboxed document, is serialized as null.
    User agents may grant such documents access to the response, and a hostile document with a null origin can be created.

Note: If the server sends a response whose Access-Control-Allow-Origin value is an explicit origin, the response must also include a Vary header to indicate that the server response will differ based on the Origin request header. Therefore, that server must be cautious.
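The three cases and the note above, as an added example that is not code from the original page: a server-side helper that picks the header value for one response. The allowlist, the example.com origins, the `publicResource` option and the function name are assumptions made for illustration.

```javascript
// Added example: choose the Access-Control-Allow-Origin value per request.
// ALLOWED_ORIGINS and every origin below are constructed sample values.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://admin.example.com",
]);

function corsHeadersFor(requestOrigin, { publicResource = false } = {}) {
  // Case 1: a resource served without credentials that any origin may read.
  if (publicResource) {
    return { "Access-Control-Allow-Origin": "*" };
  }

  // From here on the response depends on the Origin request header,
  // so shared caches must key on it (the Vary note above).
  const headers = { Vary: "Origin" };

  // Case 3: never answer "null". Sandboxed documents and non-hierarchical
  // schemes all serialize their origin as "null".
  if (typeof requestOrigin !== "string" || requestOrigin === "null") {
    return headers;
  }

  // Case 2: return the requesting origin only on an exact allowlist match.
  // Exact comparison avoids prefix/suffix look-alikes passing the check.
  if (ALLOWED_ORIGINS.has(requestOrigin)) {
    headers["Access-Control-Allow-Origin"] = requestOrigin;
  }
  return headers;
}

// Constructed sample Origin header values and the headers each one receives.
const samples = [
  "https://app.example.com",           // allowlisted: origin is returned
  "https://app.example.com.evil.test", // look-alike: no allow header
  "null",                              // sandboxed document: no allow header
];
for (const origin of samples) {
  console.log(origin, "->", JSON.stringify(corsHeadersFor(origin)));
}
```

When the allow header is absent from the result, the browser withholds the response from the requesting code.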

Copyright ©2022 Educative, Inc. All rights reserved
