
Cross-origin Resource Sharing

Explore how Cross-Origin Resource Sharing (CORS) manages which domains can access web resources and helps prevent unauthorized data access. Learn about the risks of cross-origin HTTP requests, how CORS headers work on the server side, and why older methods like JSONP pose security issues. This lesson will equip you with knowledge to secure your web applications against cross-origin attacks.

Problem: your money gets stolen online!

Imagine you are checking your bank balance via your bank’s website. Meanwhile, you open a blogging website in another tab. You finish with the blogging website and come back to your banking website. You notice that your account balance has been wiped clean! All the money went away after you opened that blogging website! What could have happened?


The cause

So, it turns out that the blogging website had sent an HTTP request to your banking website for a funds transfer. When a website can access a resource or execute commands on another domain via HTTP requests, the process is called cross-origin resource sharing. This is a problem because it can be abused, like in the case above. ...
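The server-side half of this scenario, as an added example that is not part of the original lesson: a sketch of how the bank's server could decide which CORS response headers to send for a given `Origin` request header. The origins, the allowlist contents and the function name `corsHeadersFor` are assumptions made for illustration.

```javascript
// Constructed allowlist: only the bank's own front ends may read responses.
const ALLOWED_ORIGINS = new Set([
  "https://bank.example",
  "https://app.bank.example",
]);
const ALLOWED_METHODS = ["GET", "POST"];
const ALLOWED_HEADERS = ["Content-Type", "Authorization"];

// Returns the CORS response headers for one request.
//   origin          - value of the Origin request header (undefined if absent)
//   method          - HTTP method of the request
//   requestedMethod - Access-Control-Request-Method (present on a preflight)
function corsHeadersFor(origin, method, requestedMethod) {
  // Always vary on Origin so a shared cache never replays one origin's
  // answer to a different origin.
  const denied = { Vary: "Origin" };

  // Exact match against the allowlist: no substring, suffix or regex tests,
  // and the literal string "null" is never in the set.
  if (!origin || !ALLOWED_ORIGINS.has(origin)) {
    return denied; // no Access-Control-Allow-Origin: the browser withholds the response
  }

  const headers = {
    Vary: "Origin",
    // Echo the exact allowlisted origin; "*" cannot be combined with credentials.
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
  };

  // Preflight: the browser asks before sending a non-simple request.
  if (method === "OPTIONS" && requestedMethod) {
    if (!ALLOWED_METHODS.includes(requestedMethod)) return denied;
    headers["Access-Control-Allow-Methods"] = ALLOWED_METHODS.join(", ");
    headers["Access-Control-Allow-Headers"] = ALLOWED_HEADERS.join(", ");
    headers["Access-Control-Max-Age"] = "600";
  }
  return headers;
}

// Constructed sample requests: the bank's own page, the blog, a look-alike host.
for (const o of ["https://bank.example", "https://blog.example",
                 "https://bank.example.blog.example"]) {
  console.log(o, "->", corsHeadersFor(o, "POST"));
}
```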