# ktor
h
Can someone please give me a more beginner-oriented explanation for CORS? I read up on it and watched some stuff but I just don't get it :*
r
The basic idea is that CORS is a way for servers to tell browsers, via headers, what they are and are not allowed to do with respect to cross-origin requests, i.e., requests to origins other than the one that loaded the page. Does that help?
f
I have problems with this too. How does this work when you have an SPA? The SPA can call whatever but the server can't? I don't get it.
t
there is no difference between an SPA and an old-fashioned "website"
if the SPA/website is running on a different origin, it will have to ask for permission before sending certain requests (POST/PUT/etc.). The client does this by sending pre-flight requests (OPTIONS) to the server. When the server receives these OPTIONS requests, it determines what should be allowed and attaches headers to the responses. If the appropriate header is set, the client (SPA/website) will then be able to perform the request it wanted to (POST/PUT/etc.).
h
So it's pretty much to protect your data from people stealing data from headers
r
It's a layer in your site's security, and is mostly to protect against malicious JavaScript on somebody else's page, like one might find with a CSRF attack. There are other benefits too. See https://www.owasp.org/index.php/HTML5_Security_Cheat_Sheet#Cross_Origin_Resource_Sharing.
h
Ok. I'll read up on it. Thanks