Can someone please give me a more beginner oriented explanation for CORS? I read up on it and watche...

Hamza

08/09/2018, 5:08 AM

Can someone please give me a more beginner oriented explanation for CORS? I read up on it and watched some stuff but I just don't get it :*

rocketraman

08/09/2018, 5:28 AM

The basic idea is that CORS is a way for servers to tell browsers, via headers, what they are and are not allowed do with respect to cross-origin requests i.e. requests to origins other than the one that loaded the page. Does that help?

frellan

08/09/2018, 7:04 AM

I have problems with this too, how do this work when you have a SPA? The SPA can call whatever but the server cant? I dont get it.

tipsy

08/09/2018, 1:44 PM

there is no difference between an SPA an a old fashioned "website"

tipsy

08/09/2018, 1:50 PM

if spa/website is running on a different origin, it will have to ask for permission before sending certain requests (POST/PUT/ETC). the client does this by sending pre-flight requests (OPTIONS) to the server. when the server receives these OPTIONS requests, it determines what should be allowed and attaches headers to the responses if the appropriate header is set, the client (spa/website) will then be able to perform the request it wanted to (POST/PUT/ETC)

Hamza

08/09/2018, 1:53 PM

So it's pretty much to protect your data from people stealing data from headers

🚫 4

rocketraman

08/09/2018, 1:58 PM

It's a layer in your site's security, and is mostly to protect against malicious JavaScript on somebody else's page, like one might find with a CSRF attack. The are other benefits too. See https://www.owasp.org/index.php/HTML5_Security_Cheat_Sheet#Cross_Origin_Resource_Sharing.

Hamza

08/09/2018, 1:59 PM

Ok. I'll read it up. Thanks

5 Views

Open in Slack

Previous Next

kotlinlang

A modern programming language that makes developers happier.