CORS (Cross-Origin Resource Sharing)
GPTKB entity
Statements (50)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf | gptkb:web_security_standard |
| gptkbp:abbreviation | gptkb:CORS |
| gptkbp:alternativeTo | JSONP |
| gptkbp:appliesTo | web browsers; web servers |
| gptkbp:canBe | server response headers |
| gptkbp:canBeBypassedBy | JSONP (with limitations) |
| gptkbp:category | gptkb:HTTP_protocol; web development; web security |
| gptkbp:compatibleWith | older browsers |
| gptkbp:defaultBehavior | deny cross-origin requests |
| gptkbp:definedIn | gptkb:W3C |
| gptkbp:enables | cross-origin HTTP requests; secure cross-domain AJAX requests; sharing of resources between different origins |
| gptkbp:fullName | gptkb:Cross-Origin_Resource_Sharing |
| gptkbp:headerFile | Access-Control-Allow-Origin; Origin; Vary; Access-Control-Allow-Credentials; Access-Control-Allow-Headers; Access-Control-Allow-Methods; Access-Control-Expose-Headers; Access-Control-Max-Age |
| gptkbp:introduced | 2009 |
| gptkbp:preflightRequestMethod | OPTIONS |
| gptkbp:prevention | unauthorized cross-origin requests |
| gptkbp:purpose | allow restricted resources on a web page to be requested from another domain |
| gptkbp:relatedTo | gptkb:REST_API; gptkb:same-origin_policy; gptkb:OAuth; gptkb:SOP_(Same-Origin_Policy); gptkb:CSRF; preflight request |
| gptkbp:requires | explicit permission from server; server-side configuration |
| gptkbp:riskFactor | misconfiguration can expose sensitive data |
| gptkbp:specifies | https://www.w3.org/TR/cors/ |
| gptkbp:supportedBy | all major browsers |
| gptkbp:usedBy | gptkb:JavaScript; gptkb:XMLHttpRequest; Fetch API |
| gptkbp:usedIn | cloud services; web APIs; single-page applications |
| gptkbp:uses | HTTP headers |
| gptkbp:bfsParent | gptkb:Same-origin_policy |
| gptkbp:bfsLayer | 6 |
| https://www.w3.org/2000/01/rdf-schema#label | CORS (Cross-Origin Resource Sharing) |