Skip to content
#

Cross-origin resource sharing (CORS)

Star

Cross-origin resource sharing (CORS) is a mechanism that allows restricted resources on a web page to be accessed from another domain outside the domain from which the first resource was served. CORS also relies on a mechanism by which browsers make a “preflight” request to the server hosting the cross-origin resource, in order to check that the server will permit the actual request. In that preflight, the browser sends headers that indicate the HTTP method and headers that will be used in the actual request. For security reasons, browsers restrict cross-origin HTTP requests initiated from scripts. For example, fetch() and XMLHttpRequest follow the same-origin policy. This means that a web application using those APIs can only request resources from the same origin the application was loaded from unless the response from other origins includes the right CORS headers.

Resource types

  • Invocations of fetch() or XMLHttpRequest
  • Web Fonts (for cross-domain font usage in @font-face within CSS), so that servers can deploy TrueType fonts that can only be loaded cross-origin and used by websites that are permitted to do so
  • WebGL textures
  • Images/video frames drawn to a canvas using drawImage()
  • CSS shapes from images
  • scripts
  • iframes

    • Here are 3,989 public repositories matching this topic...

    Language: JavaScript
    Filter by language
    All 5,808 JavaScript 3,989 TypeScript 767 Python 176 HTML 147 Go 128 Java 113 PHP 88 C# 80 CSS 47 Shell 46
    Sort: Most stars
    Sort options
    Most stars Fewest stars Most forks Fewest forks Recently updated Least recently updated

    RishiBakshii / mern-ecommerce

    Star 273

    Modern e-commerce built with best practices in mind. MERN stack, Redux Toolkit for state management, Material UI for a delightful UI, and RESTful APIs for seamless integration. Dive in and explore!

    react cors mongodb react-router mongoose material-ui mern node-js jwt-authentication restful-api express-js forgot-password lottie-animation bcryptjs otp-verification react-hook-form redux-toolkit async-thunk http-only-cookies role-based-permissions
    • Updated Mar 14, 2025
    • JavaScript
    Natours

    lgope / Natours

    Star 145

    An awesome tour booking web app written in NodeJS, Express, MongoDB 🗽 (NB: This is es6 version but you can find the es5 version in 'es5-version' branch. And as it's free deployed server, could take few moments for first time rendering. Thank you)

    nodejs javascript cors compression stripe-api css3 mongoose validator helmet expressjs multer nodemailer json-web-token morgan pug-template-engine mongodb-atlas parceljs express-rate-limit express-mongo-sanitize xss-clean
    • Updated Nov 23, 2023
    • JavaScript

    Created by WHATWG, Matt Oshry, Brad Porter, Michael Bodell, Tellme Networks

    Released May 2006

    Followers
    13 followers
    Website
    github.com/topics/cors
    Wikipedia
    Wikipedia

    Related Topics

    ajax content-security-policy jsonp xhr