A Quick Glance at Cross-Origin Resource Sharing Security Headers

Thanks to the rapid growth of JavaScript frameworks such as Angular, Vue, and React, CORS has become a popular word in the developer’s vocabulary.

When client-side JavaScript requests information from an external source such as an API (a pretty common practice), the server hosting the resource must tell the web browser which domains, HTTP methods, and headers are allowed to request it.

This is easy to do with the Cross-Origin Resource Sharing (CORS) headers, the most common being Access-Control-Allow-Origin, Access-Control-Allow-Methods and Access-Control-Allow-Headers.
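
As an added illustration (not code from the original article), the sketch below shows how a server might decide which of these three headers to send for a given request. The allowlisted origins are constructed sample values, and corsHeaders and the ALLOWED_* constants are hypothetical names.

```javascript
// Added example: server-side policy that decides which CORS headers to send.
// ALLOWED_ORIGINS, ALLOWED_METHODS, ALLOWED_HEADERS and corsHeaders() are
// hypothetical names; the origins are constructed sample values.
const ALLOWED_ORIGINS = new Set(["https://app.example.com", "https://admin.example.com"]);
const ALLOWED_METHODS = ["GET", "POST"];
const ALLOWED_HEADERS = ["content-type", "authorization"];

// req: { method, headers } with lower-cased header names (as Node's http module provides).
// Returns { status, headers } describing the CORS part of the response.
function corsHeaders(req) {
  const origin = req.headers["origin"];
  // Vary: Origin keeps shared caches from serving one origin's answer to another.
  const headers = { Vary: "Origin" };

  // Exact-match allowlist: never echo an arbitrary Origin, no substring or regex tests.
  if (!origin || !ALLOWED_ORIGINS.has(origin)) {
    return { status: req.method === "OPTIONS" ? 403 : 200, headers };
  }
  headers["Access-Control-Allow-Origin"] = origin;

  // A preflight is an OPTIONS request carrying Access-Control-Request-Method.
  const wantedMethod = req.headers["access-control-request-method"];
  if (req.method !== "OPTIONS" || !wantedMethod) {
    return { status: 200, headers }; // simple or actual request
  }

  // The browser lists the non-simple headers it intends to send, comma separated.
  const wantedHeaders = (req.headers["access-control-request-headers"] || "")
    .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
  const methodOk = ALLOWED_METHODS.includes(wantedMethod);
  const headersOk = wantedHeaders.every((h) => ALLOWED_HEADERS.includes(h));
  if (!methodOk || !headersOk) {
    delete headers["Access-Control-Allow-Origin"];
    return { status: 403, headers };
  }
  headers["Access-Control-Allow-Methods"] = ALLOWED_METHODS.join(", ");
  headers["Access-Control-Allow-Headers"] = ALLOWED_HEADERS.join(", ");
  return { status: 204, headers };
}
```

A request from an origin outside the allowlist gets no Access-Control-Allow-Origin header at all, so the browser refuses to expose the response to the calling script.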


Source: Sucuri