CORS (Cross-Origin Resource Sharing)
GPTKB entity
Statements (50)
Predicate | Object |
---|---|
gptkbp:instanceOf | web security standard |
gptkbp:abbreviation | gptkb:CORS |
gptkbp:alternativeTo | JSONP |
gptkbp:appliesTo | web browsers; web servers |
gptkbp:canBe | server response headers |
gptkbp:canBeBypassedBy | JSONP (with limitations) |
gptkbp:category | gptkb:HTTP_protocol; web development; web security |
gptkbp:compatibleWith | older browsers |
gptkbp:defaultBehavior | deny cross-origin requests |
gptkbp:definedIn | gptkb:W3C |
gptkbp:enables | cross-origin HTTP requests; secure cross-domain AJAX requests; sharing of resources between different origins |
gptkbp:fullName | gptkb:Cross-Origin_Resource_Sharing |
gptkbp:headerFile | Access-Control-Allow-Origin; Origin; Vary; Access-Control-Allow-Credentials; Access-Control-Allow-Headers; Access-Control-Allow-Methods; Access-Control-Expose-Headers; Access-Control-Max-Age |
https://www.w3.org/2000/01/rdf-schema#label | CORS (Cross-Origin Resource Sharing) |
gptkbp:introduced | 2009 |
gptkbp:preflightRequestMethod | OPTIONS |
gptkbp:prevention | unauthorized cross-origin requests |
gptkbp:purpose | allow restricted resources on a web page to be requested from another domain |
gptkbp:relatedTo | gptkb:REST_API; gptkb:same-origin_policy; gptkb:OAuth; gptkb:SOP_(Same-Origin_Policy); gptkb:CSRF; preflight request |
gptkbp:requires | explicit permission from server; server-side configuration |
gptkbp:riskFactor | misconfiguration can expose sensitive data |
gptkbp:specifies | https://www.w3.org/TR/cors/ |
gptkbp:supportedBy | all major browsers |
gptkbp:usedBy | gptkb:JavaScript; gptkb:XMLHttpRequest; Fetch API |
gptkbp:usedIn | cloud services; web APIs; single-page applications |
gptkbp:uses | HTTP headers |
gptkbp:bfsParent | gptkb:Same-origin_policy |
gptkbp:bfsLayer | 6 |