CORS (Cross-Origin Resource Sharing)

GPTKB entity

Statements (50)
Predicate Object
gptkbp:instanceOf web security standard
gptkbp:abbreviation gptkb:CORS
gptkbp:alternativeTo JSONP
gptkbp:appliesTo web browsers
web servers
gptkbp:canBe server response headers
gptkbp:canBeBypassedBy JSONP (with limitations)
gptkbp:category gptkb:HTTP_protocol
web development
web security
gptkbp:compatibleWith older browsers
gptkbp:defaultBehavior deny cross-origin requests
gptkbp:definedIn gptkb:W3C
gptkbp:enables cross-origin HTTP requests
secure cross-domain AJAX requests
sharing of resources between different origins
gptkbp:fullName gptkb:Cross-Origin_Resource_Sharing
gptkbp:headerFile Access-Control-Allow-Origin
Origin
Vary
Access-Control-Allow-Credentials
Access-Control-Allow-Headers
Access-Control-Allow-Methods
Access-Control-Expose-Headers
Access-Control-Max-Age
https://www.w3.org/2000/01/rdf-schema#label CORS (Cross-Origin Resource Sharing)
gptkbp:introduced 2009
gptkbp:preflightRequestMethod OPTIONS
gptkbp:prevention unauthorized cross-origin requests
gptkbp:purpose allow restricted resources on a web page to be requested from another domain
gptkbp:relatedTo gptkb:REST_API
gptkb:same-origin_policy
gptkb:OAuth
gptkb:SOP_(Same-Origin_Policy)
gptkb:CSRF
preflight request
gptkbp:requires explicit permission from server
server-side configuration
gptkbp:riskFactor misconfiguration can expose sensitive data
gptkbp:specifies https://www.w3.org/TR/cors/
gptkbp:supportedBy all major browsers
gptkbp:usedBy gptkb:JavaScript
gptkb:XMLHttpRequest
Fetch API
gptkbp:usedIn cloud services
web APIs
single-page applications
gptkbp:uses HTTP headers
gptkbp:bfsParent gptkb:Same-origin_policy
gptkbp:bfsLayer 6