12 KiB
| title | chunk | source | category | tags | date_saved | instance |
|---|---|---|---|---|---|---|
| CORS - Glossary | MDN | 1/3 | https://developer.mozilla.org/en-US/docs/Glossary/CORS | reference | web, html, css, javascript, documentation | 2026-05-05T05:26:05.917812+00:00 | kb-cron |
MDN HTML HTML: Markup language
HTML reference
HTML guides
Markup languages
CSS reference
CSS guides
Layout cookbook
JavaScriptJS JavaScript: Scripting language
JS reference
JS guides
Web APIs Web APIs: Programming interfaces
Web API reference
Web API guides
- Using the Web animation API
- Using the Fetch API
- Working with the History API
- Using the Web speech API
- Using web workers
Technologies
Topics
Learn Learn web development
Frontend developer course
- Getting started modules
- Core modules
- MDN Curriculum
- Check out the video course from Scrimba, our partner
Learn HTML
Learn CSS
Learn JavaScript
Tools Discover our tools
About Get to know MDN better
CORS
CORS (Cross-Origin Resource Sharing) is a system, consisting of transmitting HTTP headers, that determines whether browsers block frontend JavaScript code from accessing responses for cross-origin requests. The same-origin security policy forbids cross-origin access to resources. But CORS gives web servers the ability to say they want to opt into allowing cross-origin access to their resources.
In this article
CORS headers
Indicates whether the response can be shared.
Access-Control-Allow-Credentials
Indicates whether or not the response to the request can be exposed when the credentials flag is true.
Used in response to a preflight request to indicate which HTTP headers can be used when making the actual request.
Specifies the method or methods allowed when accessing the resource in response to a preflight request.
Indicates which headers can be exposed as part of the response by listing their names.
Indicates how long the results of a preflight request can be cached.
Access-Control-Request-Headers
Used when issuing a preflight request to let the server know which HTTP headers will be used when the actual request is made.
Used when issuing a preflight request to let the server know which HTTP method will be used when the actual request is made.
Indicates where a fetch originates from.
Specifies origins that are allowed to see values of attributes retrieved via features of the Resource Timing API, which would otherwise be reported as zero due to cross-origin restrictions.