Cross-origin resource sharing (CORS)

Cross-origin resource sharing (CORS) is a mechanism that allows restricted resources on a web page to be accessed from another domain outside the domain from which the first resource was served. CORS also relies on a mechanism by which browsers make a “preflight” request to the server hosting the cross-origin resource, in order to check that the server will permit the actual request. In that preflight, the browser sends headers that indicate the HTTP method and headers that will be used in the actual request. For security reasons, browsers restrict cross-origin HTTP requests initiated from scripts. For example, fetch() and XMLHttpRequest follow the same-origin policy. This means that a web application using those APIs can only request resources from the same origin the application was loaded from unless the response from other origins includes the right CORS headers.

Resource types

• Invocations of fetch() or XMLHttpRequest
• Web Fonts (for cross-domain font usage in @font-face within CSS), so that servers can deploy TrueType fonts that can only be loaded cross-origin and used by websites that are permitted to do so
• WebGL textures
• Images/video frames drawn to a canvas using drawImage()
• CSS shapes from images
• scripts
• iframes

• GitHub: https://github.com/topics/cors
• Wikipedia: https://en.wikipedia.org/wiki/Cross-origin_resource_sharing
• Created by: WHATWG, Matt Oshry, Brad Porter, Michael Bodell, Tellme Networks
• Released: May 2006
• Related Topics: xhr, ajax, jsonp, content-security-policy,
• Last updated: 2026-06-23 00:06:34 UTC
• JSON Representation

https://github.com/maryna-korbet/team-project-foodies-backend

Team project "Foodies App"

bcrypt cloudinary cors dotenv express gravatar jimp joi jsonwebtoken mongodb mongoose morgan multer nanoid nodejs swagger yaml

Last synced: 05 Oct 2025

https://github.com/maximoospital/download-proxy

Demo for using a NuxtJS server as a proxy to avoid CORS-related trouble when downloading files form an external server.

axios cors download nuxtjs nuxtjs-template nuxtjs2 proxy v2

Last synced: 07 Oct 2025

https://github.com/mishs/dog-breed-viewer

REACT focused, MERN-stack context assessment

cors expressjs mern-stack netlify-deployment sqlite3 tailwindcss tanstack-react-query typescript zod zustand

Last synced: 02 Apr 2026

https://github.com/sa-190/api-connection

this easy application contain 3 branches. master branch include api and project branch include windows form application for connect to api. and project2 branch include asp.net web application to connect the api. to run to this application, you require to IIS manager activation and publish api with this. and you have to install CORS inside your api project. for prevent to this error: Access to XMLHttpRequest at 'http://xxx/api' from origin 'https://yyy' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

api cors script webapi windowsforms xml xmlhttprequest

Last synced: 25 Feb 2026

https://github.com/danfalcon225/mern_stack_app

MERN stack app | Backend CRUD | Backend Router | CORS Policy | MongoDB operations | Frontend CRUD | Frontend Router

axios cors express javascript mongodb mongoose node-js notistack reactjs tailwindcss vite

Last synced: 09 Apr 2026

https://github.com/ashimasaini45/authentication-apis

Tech Stack: Express.js(Backend), MongoDB(Database)

axios bootstrap cors nodemailer plugins-api react-router

Last synced: 18 Jan 2026

https://github.com/nitinkondhari03/voting_app

A secure voting app with user authentication, authorization, and admin functionalities, allowing users to cast votes, preventing duplicate votes, enabling the admin to view all votes, and providing a button to determine the winning candidate while closing the voting forms.

axios bcryptjs body-parser cors dotenv expressjs jsonwebtoken nodejs nodemon pg postgresql-database react-icons react-router-dom reactjs sequelize

Last synced: 10 Apr 2026

https://github.com/manju1807/node-ts-express-template

A robust and secure Express.js boilerplate with TypeScript, featuring advanced security middleware, MongoDB integration, and tools for building production-ready Node.js apps.

advance-security boilerplate cors data-sanitization expressjs helmet mongoose nodejs nosql-injection produc product-ready secure-backend template typescript xss-protection

Last synced: 18 Jan 2026

https://github.com/ivanrods/notelinks-backend

Api para criar e gerenciar anotações de forma eficiente.

bcryptjs cors express jwt-authentication knex multer pm2

Last synced: 04 May 2026

https://github.com/luiizsilverio/api-vendas

API de Vendas desenvolvida em Node durante o curso de API Rest do prof. Aluizio Dev.

celebrate cors date-fns dotenv handlebars joi jsonwebtoken multer node-mailer nodejs nodemailer postgres typeorm typescript

Last synced: 14 Apr 2026

https://github.com/khai-pi/dynamodb-lambda-cdk-typescript

Cdk setup template for using lambda functions with dynamodb with unit tests

aws aws-lambda aws-sample cdk ci cors dynamodb jest lint prettier

Last synced: 14 Apr 2026

Cross-origin resource sharing (CORS) Awesome Lists

Cross-origin resource sharing (CORS) Categories