Implementing CORS

Whenever the browser requests some resource from a server, there are some validation rules that apply. For many of these interactions, which only ask for information and do not attempt to produce any kind of change in the server, there is no limitation, and the requests are always allowed, as in the following cases:

  • CSS styles are requested via a <link rel="stylesheet"> tag
  • Images are requested via an <img> tag
  • JS code is requested via a <script> tag
  • Media is requested via the <audio> or <media> tags

For other types of requests, the Same Origin Policy or Single Origin Policy (SOP) limits requests to those that are sent to the same origin (meaning the protocol, as in http://, host name, as in modernjsbook.com, and port, as in :8080), refusing any other request that doesn't match one or more of the origin URL elements. This impacts, for example, all Ajax requests, which will be duly rejected.

However, if you are willing to accept requests from some or all servers, you can apply Cross Origin Resource Sharing (CORS) to enable such requests. Basically, CORS defines an interaction style that lets the server decide whether to allow a cross origin request; instead of blocking every request (as SOP would imply) or allowing all of them (a huge security breach!), rules can be applied to decide one way or the other.
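As an added illustration (not code from the book), the following JavaScript sketch shows the origin comparison described above and one possible server-side rule: an exact-match allowlist that decides whether to send Access-Control-Allow-Origin. The allowlist entries and the function names sameOrigin, normalizeOrigin and corsHeaders are assumptions made for this example.

```javascript
// Added example; the allowlist entries are constructed for illustration.
const ALLOWED_ORIGINS = new Set([
  "https://modernjsbook.com",
  "https://admin.modernjsbook.com:8443",
]);

// Two URLs share an origin only if protocol, host name and port all match.
function sameOrigin(a, b) {
  const x = new URL(a);
  const y = new URL(b);
  return x.protocol === y.protocol && x.hostname === y.hostname && x.port === y.port;
}

// Reduce an Origin header value to scheme://host[:port]; null if it is not one.
function normalizeOrigin(value) {
  if (typeof value !== "string") return null;
  try {
    const url = new URL(value);
    if (url.protocol !== "http:" && url.protocol !== "https:") return null;
    // A real Origin header has no path, query, fragment or credentials.
    if (url.pathname !== "/" || url.search || url.hash || url.username || url.password) return null;
    return url.origin;
  } catch {
    return null; // missing scheme, the literal "null", or garbage
  }
}

// Decide which CORS response headers to send for a given request Origin.
function corsHeaders(requestOrigin) {
  const headers = { Vary: "Origin" }; // caches must key the response on Origin
  const origin = normalizeOrigin(requestOrigin);
  // Exact match against the allowlist: no substring or suffix checks, no "*".
  if (origin !== null && ALLOWED_ORIGINS.has(origin)) {
    headers["Access-Control-Allow-Origin"] = origin;
  }
  return headers;
}
```

A request whose origin is not on the list simply gets no Access-Control-Allow-Origin header, so the browser keeps applying SOP to it.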

If you want to read the current specification for CORS, see the Fetch Living Standard document at https://fetch.spec.whatwg.org/, specifically Section 3.2. A good article about CORS can be found at https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS.