What is the meaning of CORS?

11

I always see the word CORS related to an error that occurs when trying to make an XMLHttpRequest request for a given page that does not have the same domain as the source.

Example:

  

XMLHttpRequest cannot load link. Response to preflight request does not pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'link' is therefore not allowed access.

But what is the meaning of the word CORS?

Is this word used to define the error that occurred, or some browser security policy?

    
asked by anonymous 04.08.2016 / 18:14

2 answers

11

CORS (Cross-Origin Resource Sharing) is an agreement on how to exchange resources between browser and server when the browser attempts to access a domain other than the one you are browsing.

It is a set of rules, a W3C specification, for what kind of resources can be accessed and how to limit them. These rules are implemented by browsers, and it is the browser that limits access.

These rules were imposed for security reasons: to prevent scripts on the page from freely making requests to other sites and interacting with them.

On the server side the door can be "opened" to one, several or all requests / domains. The implementation is language-specific, but underneath it means that there are headers present that the browser can read:

Access-Control-Allow-Origin: * // <- open to all
Access-Control-Allow-Origin: http://example.com:8080 http://foo.example.com // <- only these two domains can access

Regarding the error:

  

XMLHttpRequest cannot load link. Response to preflight request does not pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'link' is therefore not allowed access.

When the browser reads a URL beginning with, for example, http: it assumes that it is an external URL. In fact http://localhost/ should be interpreted as "same domain", but because of the http the browser thinks it is not... To solve this problem, which also applies to online domains, you should use relative paths, not absolute ones with http... etc.

More reading:

Wikipedia: link

W3C: link (in English)

MDN: link (in English)

    
04.08.2016 / 18:21
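
The Access-Control-Allow-Origin header carries either `*` or a single origin, so a server that trusts several origins compares the request's Origin against an allowlist and echoes back the one that matches. An added example of that decision, including the preflight request named in the error message (not part of the original answer; `ALLOWED_ORIGINS`, `corsHeaders` and the sample requests are hypothetical):

```javascript
// Added example: server-side CORS decision for an origin allowlist.
// ALLOWED_ORIGINS and corsHeaders() are hypothetical names, not from the page.
const ALLOWED_ORIGINS = new Set([
  "http://example.com:8080",
  "http://foo.example.com",
]);
const ALLOWED_METHODS = ["GET", "POST"];
const ALLOWED_HEADERS = ["content-type"];

// req: { method, headers } with lower-cased header names (as in Node's http module).
// Returns { status, headers } for the CORS part of the response.
function corsHeaders(req) {
  const origin = req.headers["origin"];
  // Responses differ per Origin, so caches must key on it.
  const headers = { Vary: "Origin" };
  const isPreflight = req.method === "OPTIONS" &&
    "access-control-request-method" in req.headers;

  // No Origin header or unlisted origin: send no Access-Control-Allow-Origin,
  // so the browser refuses to hand the response to the calling script.
  if (!origin || !ALLOWED_ORIGINS.has(origin)) {
    return { status: isPreflight ? 403 : 200, headers };
  }
  // Exact string match against the allowlist; echo that one origin back.
  headers["Access-Control-Allow-Origin"] = origin;
  if (!isPreflight) return { status: 200, headers };

  // Preflight: approve only the method and headers this API accepts.
  const method = req.headers["access-control-request-method"];
  const asked = (req.headers["access-control-request-headers"] || "")
    .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
  if (!ALLOWED_METHODS.includes(method) ||
      !asked.every((h) => ALLOWED_HEADERS.includes(h))) {
    delete headers["Access-Control-Allow-Origin"];
    return { status: 403, headers };
  }
  headers["Access-Control-Allow-Methods"] = ALLOWED_METHODS.join(", ");
  headers["Access-Control-Allow-Headers"] = ALLOWED_HEADERS.join(", ");
  return { status: 204, headers };
}

// Constructed sample requests.
const preflight = { method: "OPTIONS", headers: {
  origin: "http://foo.example.com",
  "access-control-request-method": "POST",
  "access-control-request-headers": "Content-Type" } };
const unlisted = { method: "GET", headers: { origin: "http://other.example" } };
console.log(corsHeaders(preflight), corsHeaders(unlisted));
```

The unlisted origin still gets a normal response from the server; it is the missing header that makes the browser block the script from reading it.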
1

It means Cross-Origin Resource Sharing. Briefly: for security, many servers and containers today implement a block for when a request from outside your domain occurs. More information.

    
04.08.2016 / 18:17