CORS : Cross-Origin Resource Sharing
Basically CORS is a security feature of web browser that allow or restrict the web page in one domain to access resource from other domain (cross-origin).
For example, when you fetch data from an api, an error occurred. You may have seen the error in the console of the browser. It happens because api doesn't know that the request you're sending is secure or not.
To access the resource, browser need to allow cross-origin request.
Here CORS mechanism comes into picture.
The response we get after sending a request for data from api, contains HTTP header also. This HTTP header has Access-control-allow-origin and Access-control-allow-method.
Preflight Request is sent automatically from browser as a part of CORS mechanism. It is used to check whether the cross-origin(other domain) is safe to execute or not.
After preflight request, actual request is sent to the other domain i.e. cross-origin.
Not every time preflight request is sent.For simple request, browser doesn't sent preflight request.
It is only sent if browser detect that there might be some security concerns.
That's the simple explaination of cors. For in-depth information, MDN docs are best!
Top comments (0)