Cross-origin resource sharing (CORS)
Cross-origin resource sharing (CORS) is a mechanism that allows restricted resources on a web page to be accessed from another domain outside the domain from which the first resource was served. CORS also relies on a mechanism by which browsers make a "preflight" request to the server hosting the cross-origin resource, in order to check that the server will permit the actual request. In that preflight, the browser sends headers that indicate the HTTP method and headers that will be used in the actual request. For security reasons, browsers restrict cross-origin HTTP requests initiated from scripts. For example, fetch() and XMLHttpRequest follow the same-origin policy. This means that a web application using those APIs can only request resources from the same origin the application was loaded from unless the response from other origins includes the right CORS headers.
Resource types
- Invocations of
fetch()orXMLHttpRequest
- Web Fonts (for cross-domain font usage in
@font-facewithin CSS), so that servers can deploy TrueType fonts that can only be loaded cross-origin and used by websites that are permitted to do so
- WebGL textures
- Images/video frames drawn to a canvas using
drawImage()
- CSS shapes from images
- scripts
- iframes
Here are 164 public repositories matching this topic...
CORS Misconfiguration Scanner
- Updated
Sep 17, 2022 - Python
🎯 Fast CORS misconfiguration vulnerabilities scanner
- Updated
Nov 25, 2021 - Python
Cross Origin Resource Sharing ( CORS ) support for Flask
- Updated
Feb 24, 2025 - Python
The last Micro Web Server for IoTs (MicroPython) or large servers (CPython), that supports WebSockets, routes, template engine and with really optimized architecture (mem allocations, async I/Os). Ready for ESP32, STM32 on Pyboard, Pycom's chipsets (WiPy, LoPy, ...). Robust, efficient and documented!
- Updated
Apr 2, 2024 - Python
Boilerplate API on how to structure big Flask applications (includes SQLAlchemy, Docker, nginx)
- Updated
Apr 17, 2019 - Python
A Sanic extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible. Based on flask-cors by Cory Dolphin.
- Updated
Jan 30, 2023 - Python
Combine the power of FastAPI and Django to build a production-ready application capable of utilizing all of the best features of both worlds.
- Updated
Jan 20, 2022 - Python
Advanced CORS Header Checker Tool with Vulnerability Detection and Bypass Attempts
- Updated
Oct 9, 2024 - Python
Use Django To Introduce CORS and Same-Origin Policy
- Updated
Jul 3, 2022 - Python
Live for Go hackers (bug bounty)
- Updated
Aug 21, 2022 - Python
DRF Starter Template with drf-yasg, heroku deployment ready config, CORS config
- Updated
Dec 9, 2022 - Python
TikTok Saver is a SaaS (Software as a service) for downloading and saving Tiktok videos with the highest quality and no watermark.
- Updated
Sep 21, 2023 - Python
ASGI middleware for applying CORS headers to an ASGI application
- Updated
Apr 12, 2024 - Python
Created by WHATWG, Matt Oshry, Brad Porter, Michael Bodell, Tellme Networks
Released May 2006
- Followers
- 13 followers
- Website
- fetch.spec.whatwg.org/#http-cors-protocol
- Wikipedia
- Wikipedia