Please note, this is a STATIC archive of website developer.mozilla.org from November 2016, cach3.com does not collect or store any user information, there is no "phishing" involved.

CORS

Наши волонтёры ещё не перевели данную статью на Русский. Присоединяйтесь к нам и помогите закончить эту работу!

CORS (Cross-Origin Resource Sharing) is a system, consisting of transmitting HTTP headers, that determines whether to block or fulfill requests for restricted resources on a web page from another domain outside the domain from which the resource originated.

The same-origin security policy forbids "cross-domain" requests by default, CORS gives web servers cross-domain access controls, which enable secure cross-domain data transfers.

Learn more

General knowledge

CORS headers

Access-Control-Allow-Origin
Indicates whether the response can be shared.
Access-Control-Allow-Credentials
Indicates whether or not the response to the request can be exposed when the credentials flag is true.
Access-Control-Allow-Headers
Used in response to a preflight request to indicate which HTTP headers can be used when making the actual request.
Access-Control-Allow-Methods
Specifies the method or methods allowed when accessing the resource in response to a preflight request.
Access-Control-Expose-Headers
Indicates which headers can be exposed as part of the response by listing their names.
Access-Control-Max-Age
Indicates how long the results of a preflight request can be cached.
Access-Control-Request-Headers
Used when issuing a preflight request to let the server know which HTTP headers will be used when the actual request is made.
Access-Control-Request-Method
Used when issuing a preflight request to let the server know which HTTP method will be used when the actual request is made.
Origin
Indicates where a fetch originates from.

Technical reference

Метки документа и участники

 Внесли вклад в эту страницу: teoli, fscholz, claudiahdz, dvincent, PetiPandaRou, klez, Andrew_Pfeiffer
 Обновлялась последний раз: teoli,