Introduction To CORS (Cross-Origin Resource Sharing)

CORS, or Cross-Origin Resource Sharing, is a mechanism that makes it possible for a page on one website to make requests to another website from the browser. The Same-Origin Policy (SOP), a browser security policy, normally restricts this kind of behavior. If you’re writing an API, for example, and want other websites to be able to access it via browser-side requests, you can define the trusted origins that requests are allowed from, or simply trust all origins.

If you want to allow some origins or all origins to access your API, set an additional HTTP response header, “Access-Control-Allow-Origin”, to define them:

// Allow any website to be able to access your server via a browser request
Access-Control-Allow-Origin: *

// Allow only NY Times to be able to access your server via a browser request
Access-Control-Allow-Origin: https://www.nytimes.com
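The header carries either a single origin or `*`, so a server that trusts several specific origins has to compare each request's Origin header against its own list and echo back only a match. The sketch below is an added example, not code from the original article; the function name `corsHeaders`, the `mode` parameter and the sample allowlist are assumptions made for illustration.

```javascript
// Added example, not from the original article. Helper names are hypothetical.
// Constructed sample allowlist: exact origins (scheme + host + optional port).
const TRUSTED_ORIGINS = new Set([
  "https://www.nytimes.com",
  "https://partner.example.com",
]);

// Build the CORS response headers for one request.
// mode "public"    -> trust all origins (Access-Control-Allow-Origin: *)
// mode "allowlist" -> echo the request's Origin only on an exact match
function corsHeaders(requestOrigin, mode = "allowlist", trusted = TRUSTED_ORIGINS) {
  if (mode === "public") {
    return { "Access-Control-Allow-Origin": "*" };
  }
  // The response now depends on the Origin request header, so caches must
  // store one copy per origin instead of reusing it across sites.
  const headers = { Vary: "Origin" };
  // Exact string comparison: no prefix, suffix or regex matching, so
  // lookalike hosts and the literal "null" origin are never trusted.
  if (typeof requestOrigin === "string" && trusted.has(requestOrigin)) {
    headers["Access-Control-Allow-Origin"] = requestOrigin;
  }
  return headers;
}

// Constructed sample requests, identified by their Origin header.
const samples = [
  "https://www.nytimes.com",
  "https://partner.example.com",
  "https://www.nytimes.com.example.net",
  "http://www.nytimes.com",
  "null",
  undefined,
];
for (const origin of samples) {
  console.log(String(origin), "->", JSON.stringify(corsHeaders(origin)));
}
```

A response without Access-Control-Allow-Origin is still sent; the browser simply refuses to hand it to the calling page's script.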

Want to learn more? There are quite a few good articles about CORS. Check this article, Do You Really Know CORS?. This article by Codecademy is a good overview, and this Medium article also has some good info. Read more about it on Mozilla here.
