What Is Cross-Origin Resource Sharing in
Web Development
Introduction
Web development refers to the process of creating websites and web applications. It
encompasses several disciplines like front-end development, back-end development, database
management, server configuration etc. Some common types of web development include:
• Static Website Development - Includes plain HTML, CSS, JavaScript sites.
• Dynamic Website Development - Websites generated from server-side code like PHP,
Python, Ruby etc.
• Web Application Development - Complex software apps like social networks, e-
commerce sites etc.
• Progressive Web Apps - Mobile-first websites that work like native apps.
• Single Page Applications - Apps that load a single HTML page and update views without
reloading.
Cross-origin resource sharing (CORS) is an important concept in web development that allows
resources to be requested from another domain outside the domain from which the resource
originated. CORS defines a way for client web applications to access resources on a different
domain than the one which served the application, enabling cross-domain data transfers.
What is Cross-Origin Resource Sharing in Web
Development
Cross-origin resource sharing (CORS) is a mechanism that allows resources on a web page to be
requested from another domain outside their own domain. It defines a way for the browser and
server to interact securely via specified HTTP headers that determine whether or not to allow
cross-origin requests.
For example, a client-side web app served from https://domain-a.com makes a request for
resources to https://domain-b.com. This is considered a cross-origin HTTP request. Without
CORS, such cross-origin requests would be blocked by browsers by default as a security
precaution.
CORS provides a secure way to allow cross-origin requests by defining the following:
• HTTP headers - Special headers like Origin, Access-Control-Allow-Origin indicate an
appropriate cross-origin request.
• Preflight requests - The browser makes an OPTIONS request to check if the cross-origin
request is allowed before making the actual request.
• Credentials transfer - Cookies, authentication etc. can be securely sent cross-origin.
So, in summary, CORS allows servers to specify who can access their resources through
specified HTTP headers. And browsers use those headers to allow cross-origin requests
accordingly in a secure manner.
Purpose of CORS
The main purposes of CORS are:
• To enable secure cross-origin data transfers between browsers and servers.
• To prevent cross-origin HTTP requests from other domains that servers do not permit.
• To enable modern web applications to access resources securely from multiple domains.
• To remove restrictions on sharing resources cross-origin imposed due to the same-origin
policy.
The same-origin policy restricts resources like JS from accessing resources from different
origins. CORS provides a secure mechanism to lift this restriction to enable valid cross-origin
requests.
Implementation of CORS
CORS is implemented through the use of standard HTTP headers that allow servers and
browsers to handle cross-origin requests securely:
1. Origin Header
This header indicates the origin domain requesting the resource. It is added automatically by
browsers to all cross-origin requests.
Origin: https://domain-a.com
2. Access-Control-Allow-Origin
This header specifies origins allowed to access resources on the server through CORS. The
server sets this in response to preflight requests.
Access-Control-Allow-Origin: https://domain-a.com
3. Preflight Request
For complex requests, browsers first send an OPTIONS request asking if the cross-origin request is
allowed. The server replies with access headers.
4. Credentials Headers
Headers like Access-Control-Allow-Credentials indicate to browsers whether cookies,
authentication etc. can be sent cross-origin.
Based on the permitted origins and headers set by servers, browsers determine whether cross-
origin requests should be allowed or blocked.
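The four pieces above, shown as one exchange between the server and a simplified browser check. This is an added example, not code from the original post; the function names, the allowlist contents and the origin https://domain-c.example are assumptions made for illustration.

```javascript
// Added example (not from the original page). Assumed names: ALLOWED_ORIGINS,
// corsResponseHeaders, browserExposesResponse, preflightPermits, simulate.

// Server policy: exact-match allowlist, never a reflected or wildcard origin.
const ALLOWED_ORIGINS = new Set(["https://domain-a.com"]);
const ALLOWED_METHODS = ["GET", "POST", "PUT"];
const ALLOWED_HEADERS = ["content-type", "authorization"];

// Server side (domain-b.com): choose the CORS headers for one request.
// `req` is { method, headers }, with header names already lower-cased.
function corsResponseHeaders(req) {
  // The answer depends on Origin, so shared caches must key on it.
  const denied = { "Vary": "Origin" };
  const origin = req.headers["origin"];
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return denied;

  const out = {
    "Vary": "Origin",
    "Access-Control-Allow-Origin": origin,      // the allowlisted value itself
    "Access-Control-Allow-Credentials": "true", // only ever sent with a named origin
  };

  // A preflight is an OPTIONS request carrying Access-Control-Request-Method.
  const wantMethod = req.headers["access-control-request-method"];
  if (req.method === "OPTIONS" && wantMethod !== undefined) {
    const wantHeaders = (req.headers["access-control-request-headers"] || "")
      .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
    const ok = ALLOWED_METHODS.includes(wantMethod) &&
      wantHeaders.every((h) => ALLOWED_HEADERS.includes(h));
    if (!ok) return denied;
    out["Access-Control-Allow-Methods"] = ALLOWED_METHODS.join(", ");
    out["Access-Control-Allow-Headers"] = ALLOWED_HEADERS.join(", ");
    out["Access-Control-Max-Age"] = "600"; // seconds the browser may cache the preflight
  }
  return out;
}

// Browser side: simplified form of the CORS check applied to a response.
function browserExposesResponse(pageOrigin, resHeaders, withCredentials) {
  const allow = resHeaders["Access-Control-Allow-Origin"];
  if (allow === undefined) return false;
  if (allow === "*") return !withCredentials; // wildcard is refused for credentialed requests
  if (allow !== pageOrigin) return false;
  if (!withCredentials) return true;
  return resHeaders["Access-Control-Allow-Credentials"] === "true";
}

// Browser side (simplified): does the preflight response permit the real request?
function preflightPermits(pageOrigin, resHeaders, method, headerNames, withCredentials) {
  if (!browserExposesResponse(pageOrigin, resHeaders, withCredentials)) return false;
  const list = (name) =>
    (resHeaders[name] || "").split(",").map((s) => s.trim()).filter(Boolean);
  const methods = list("Access-Control-Allow-Methods");
  const headers = list("Access-Control-Allow-Headers").map((h) => h.toLowerCase());
  return methods.includes(method) &&
    headerNames.every((h) => headers.includes(h.toLowerCase()));
}

// Constructed sample exchange: a credentialed PUT with a JSON body.
function simulate(pageOrigin) {
  const preflight = corsResponseHeaders({
    method: "OPTIONS",
    headers: {
      "origin": pageOrigin,
      "access-control-request-method": "PUT",
      "access-control-request-headers": "content-type",
    },
  });
  if (!preflightPermits(pageOrigin, preflight, "PUT", ["Content-Type"], true)) {
    return { sent: false, readable: false }; // browser never sends the PUT
  }
  const actual = corsResponseHeaders({
    method: "PUT",
    headers: { "origin": pageOrigin, "content-type": "application/json" },
  });
  return { sent: true, readable: browserExposesResponse(pageOrigin, actual, true) };
}

console.log(simulate("https://domain-a.com"));     // origin on the allowlist
console.log(simulate("https://domain-c.example")); // constructed origin, not on the list
```

These headers only tell the browser which responses a page may read; the server still has to authenticate and authorize every request on its own.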
Why CORS is Important
CORS is important and useful for the following reasons:
• Enables cross-origin resource access - The primary benefit of CORS is it allows cross-
domain resource access which is restricted by default otherwise.
• Modern web apps require CORS - Modern JavaScript heavy apps served from one
domain frequently need to access APIs on another domain. CORS enables this.
• Secure data transfer - With CORS, credentials like cookies and login details can be
securely sent cross-origin.
• Flexibility - Resources can be used by multiple sites. Without CORS, cross-origin
requests would always be blocked by browsers.
• Performance - CORS allows assets like fonts to be stored on a CDN for better loading
performance.
• Responsive design - CORS enables content from different domains to be used on a
responsive website or web app.
So, in summary, CORS crucially enables cross-origin resource access on the modern web while
still maintaining security protections of same-origin policy.
Advantages and Disadvantages of CORS
Some key advantages of using CORS include:
• Secure cross-origin resource sharing.
• Eliminates need for less secure techniques like JSONP.
• Cookies and login credentials can be sent securely.
• Easy to implement using standard HTTP headers.
• Granular control for server on who can access resources.
• Enables use of CDNs and assets across domains.
Some potential disadvantages are:
• Overhead of preflight request options check.
• Access-Control headers can expose information about APIs.
• Need to handle errors like CORS misconfiguration carefully.
• Browsers may not support newer CORS features immediately.
Is CORS a Cost Saving Factor?
CORS can potentially lead to cost savings in certain cases:
• CDN Usage - Resources like images, CSS and JS files can be stored on fast, cheaper
CDNs instead of same domain.
• Shared Resources - Common resources and APIs can be reused across different web
apps reducing duplication.
• Caching - Browsers can cache CORS resources leading to fewer requests.
• Productivity - CORS makes web development in Kukatpally more flexible and
productive by reducing cross-origin limitations.
However, CORS requires properly configuring servers to handle preflight requests and headers
which takes some effort. There is also the cost of initial implementation and testing of CORS.
So overall, CORS enables cost savings through improved performance, caching, shared
resources usage but requires upfront configuration investment. The benefits tend to outweigh the
costs in the long run for modern web applications.
Benefits of CORS
Some major benefits provided by Cross-Origin Resource Sharing are:
• Cross-domain requests - Enables AJAX and JavaScript/browser apps to make HTTP
requests to another domain.
• Access control - Server can specify origins allowed access through Access-Control
headers.
• Credentials transfer - Cookies, HTTPS authentication can securely be sent cross-
origin.
• Flexibility - Resources can be used easily across domains and origins.
• Performance - Assets can be served from a high-speed CDN. Saves bandwidth.
• Productivity - No need for less secure workarounds. Rapid API and resource sharing.
• Responsive web - Components can be safely reused across sites enabling responsive
design.
Overall, CORS enables key web development capabilities like cross-domain requests, responsive
design and performance which would not be possible otherwise due to same-origin policy
restrictions.
Who is Well Known for CORS in Web Development?
Some major contributors that helped define and implement CORS for web development include:
• W3C Web Applications Working Group - Developed the initial CORS specification
and standards.
• World Wide Web Consortium (W3C) - The main standards organization for the web
that publishes CORS specs.
• Browser vendors - Major browsers like Chrome, Firefox, Safari implemented support
for CORS.
• HTML 5 Working Group - Helped incorporate CORS into HTML 5 standard.
• HTTP Working Group - Defined relevant HTTP headers like Origin for CORS
implementation.
• Modern web frameworks - Web development Frameworks like React, Angular,
Vue.js adopted CORS to enable building complex apps.
• Web developers - Adoption of CORS in apps enabled more flexible and usable web
experiences.
So, in summary, CORS emerged through the joint efforts of standards bodies, browser vendors,
framework developers and the web dev community to meet the needs of complex modern web
applications.
Why Colourmoon is the Best Web Development Company in
Kukatpally
Colourmoon Technologies is well recognized as one of the leading web development companies
based in Kukatpally, Hyderabad due to the following key strengths:
• Industry experience - 10+ years’ experience building 150+ web apps for global clients.
• Expertise - Specialists in latest web technologies like React, Node.js, Graph.
• Methodology - Proven Agile process ensures on-time delivery of scalable and user-
friendly apps.
• Talent - Strong team of web architects, UI/UX designers, QA experts and digital
marketers.
• Support - Provides ongoing maintenance and support even after project completion.
• Domain experience - Extensive experience in major industries like finance, healthcare,
real estate.
• Trust - 100+ satisfied clients vouch for their professionalism, transparency and timely
delivery.
• Awards - Recognized through global awards like AWS Advanced Consulting Partner
status.
• Cost effective - Competitive pricing models like fixed cost projects and dedicated
developer resources.
• Training - In-house training center Colourmoon Academy nurtures fresh talent.
• Innovation - Heavily invests in R&D of next-gen technologies like AI, ML.
So, if you are looking for an expert technology partner for web development services in
Hyderabad and across India, Colourmoon Technologies is an ideal choice. Their expertise in
latest web technologies combined with Agile processes enables delivery of innovative, scalable
and award-winning web solutions.
Final Thoughts
In summary, Cross-Origin Resource Sharing (CORS) crucially enables cross-domain requests
on the modern web by allowing servers to specify permitted origins through HTTP headers.
CORS makes cross-origin data transfers more flexible and secure. The benefits like increased
responsiveness and performance outweigh the minor disadvantages due to the extra preflight
requests.
Leading web technology contributors like standards bodies, browser vendors and website
frameworks were critical to the adoption of CORS. For enterprises seeking an expert web
development partner to build innovative solutions using such latest technologies, Colourmoon
Technologies is an ideal choice. Their extensive experience, expertise in emerging technologies
and proven methodology ensures delivery of award-winning web apps optimized for
performance and scale.
FAQs
Q: What are the key CORS security features?
A: The main security features of CORS are preflight requests to check permissions, use of
standard HTTP headers for access control, and options for securely sending credentials like
cookies cross-origin.
Q: Does CORS completely replace JSONP?
A: CORS is the modern standard approach recommended for cross-origin requests instead of
using less secure workarounds like JSONP which have risks. However, JSONP may still be
used in some legacy apps not ready to implement CORS.
Q: What are examples of CORS headers?
A: Some common CORS headers are Origin, Access-Control-Allow-Origin,
Access-Control-Allow-Credentials and Access-Control-Allow-Methods.
Q: How does CORS affect web performance?
A: Implemented properly, CORS improves performance through enabling CDN usage and
browser caching of assets. The preflight requests add a bit of overhead which is usually
insignificant for the benefits.
Q: What are the prerequisites to implement CORS?
A: CORS requires browser support, server configuration to handle OPTIONS requests and
respond with appropriate headers, as well as testing cross-origin requests locally.
Thank you for reading my blog. If you are looking for the best website development,
connect with us and build a responsive website.
What Is Cross-Origin Resource Sharing in Web Development.pdf

More Related Content

Similar to What Is Cross-Origin Resource Sharing in Web Development.pdf

Similar to What Is Cross-Origin Resource Sharing in Web Development.pdf (20)

CNIT 129S: Ch 3: Web Application Technologies
CNIT 129S: Ch 3: Web Application TechnologiesCNIT 129S: Ch 3: Web Application Technologies
CNIT 129S: Ch 3: Web Application Technologies
 
Chrome extensions threat analysis and countermeasures
Chrome extensions threat analysis and countermeasuresChrome extensions threat analysis and countermeasures
Chrome extensions threat analysis and countermeasures
 
Web os
Web osWeb os
Web os
 
CNIT 129S - Ch 3: Web Application Technologies
CNIT 129S - Ch 3: Web Application TechnologiesCNIT 129S - Ch 3: Web Application Technologies
CNIT 129S - Ch 3: Web Application Technologies
 
AWS Cloudfront Fundamentals
AWS Cloudfront FundamentalsAWS Cloudfront Fundamentals
AWS Cloudfront Fundamentals
 
Case Study For Service Providers Analysis Platform
Case Study For Service Providers Analysis PlatformCase Study For Service Providers Analysis Platform
Case Study For Service Providers Analysis Platform
 
Of CORS thats a thing how CORS in the cloud still kills security
Of CORS thats a thing how CORS in the cloud still kills securityOf CORS thats a thing how CORS in the cloud still kills security
Of CORS thats a thing how CORS in the cloud still kills security
 
Basics of the Web Platform
Basics of the Web PlatformBasics of the Web Platform
Basics of the Web Platform
 
Unit v
Unit v Unit v
Unit v
 
Structure and Opinions - Software Deployments with Cloud Foundry
Structure and Opinions - Software Deployments with Cloud FoundryStructure and Opinions - Software Deployments with Cloud Foundry
Structure and Opinions - Software Deployments with Cloud Foundry
 
Migration Recipes for Success - AWS Summit Cape Town 2017
Migration Recipes for Success - AWS Summit Cape Town 2017 Migration Recipes for Success - AWS Summit Cape Town 2017
Migration Recipes for Success - AWS Summit Cape Town 2017
 
Evolution Of The Web Platform & Browser Security
Evolution Of The Web Platform & Browser SecurityEvolution Of The Web Platform & Browser Security
Evolution Of The Web Platform & Browser Security
 
world wide web
world wide webworld wide web
world wide web
 
Web development services
Web development servicesWeb development services
Web development services
 
Html cors- lior rotkovitch
Html cors- lior rotkovitchHtml cors- lior rotkovitch
Html cors- lior rotkovitch
 
Case Study for Business Yellow Pages Social Networking Application
Case Study for Business Yellow Pages Social Networking ApplicationCase Study for Business Yellow Pages Social Networking Application
Case Study for Business Yellow Pages Social Networking Application
 
Contents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User ExperienceContents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User Experience
 
PPT on web development & SEO
PPT on web development & SEOPPT on web development & SEO
PPT on web development & SEO
 
Browser
BrowserBrowser
Browser
 
Restful webservices
Restful webservicesRestful webservices
Restful webservices
 

More from MPrashanth13

More from MPrashanth13 (13)

7 Digital Marketing Tips To Grow Your Small Business In 2024.pptx
7 Digital Marketing Tips To Grow Your Small Business In 2024.pptx7 Digital Marketing Tips To Grow Your Small Business In 2024.pptx
7 Digital Marketing Tips To Grow Your Small Business In 2024.pptx
 
How-to-keep-your-Apps-safe-on-Google-Play.pptx
How-to-keep-your-Apps-safe-on-Google-Play.pptxHow-to-keep-your-Apps-safe-on-Google-Play.pptx
How-to-keep-your-Apps-safe-on-Google-Play.pptx
 
Introduction to Fitness App | Colourmon Technologies
Introduction to Fitness App | Colourmon TechnologiesIntroduction to Fitness App | Colourmon Technologies
Introduction to Fitness App | Colourmon Technologies
 
Introduction to Google My Business- Online Presence
Introduction to Google  My Business- Online PresenceIntroduction to Google  My Business- Online Presence
Introduction to Google My Business- Online Presence
 
Digital Marketing for Startups.pdf
Digital Marketing for Startups.pdfDigital Marketing for Startups.pdf
Digital Marketing for Startups.pdf
 
streamline-your-hydration-unleashing-the-potential-of-water-delivery-app-deve...
streamline-your-hydration-unleashing-the-potential-of-water-delivery-app-deve...streamline-your-hydration-unleashing-the-potential-of-water-delivery-app-deve...
streamline-your-hydration-unleashing-the-potential-of-water-delivery-app-deve...
 
Taxi Booking App Development Company
Taxi Booking App Development CompanyTaxi Booking App Development Company
Taxi Booking App Development Company
 
OTT App Development
OTT App DevelopmentOTT App Development
OTT App Development
 
Developement of apps.pptx
Developement of apps.pptxDevelopement of apps.pptx
Developement of apps.pptx
 
App Developement.pptx
App Developement.pptxApp Developement.pptx
App Developement.pptx
 
Mastering Medical Practice Management A Guide to Developing Effective Softwar...
Mastering Medical Practice Management A Guide to Developing Effective Softwar...Mastering Medical Practice Management A Guide to Developing Effective Softwar...
Mastering Medical Practice Management A Guide to Developing Effective Softwar...
 
Top-Food-App-Delivery-Development-Company.pptx
Top-Food-App-Delivery-Development-Company.pptxTop-Food-App-Delivery-Development-Company.pptx
Top-Food-App-Delivery-Development-Company.pptx
 
Short Video App Development Complete Guide 2023
Short Video App Development Complete Guide 2023 Short Video App Development Complete Guide 2023
Short Video App Development Complete Guide 2023
 

Recently uploaded

The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai KuwaitThe Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
daisycvs
 
Jual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan Cytotec
Jual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan CytotecJual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan Cytotec
Jual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan Cytotec
ZurliaSoop
 

Recently uploaded (20)

Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...
Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...
Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...
 
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai KuwaitThe Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
 
joint cost.pptx COST ACCOUNTING Sixteenth Edition ...
joint cost.pptx  COST ACCOUNTING  Sixteenth Edition                          ...joint cost.pptx  COST ACCOUNTING  Sixteenth Edition                          ...
joint cost.pptx COST ACCOUNTING Sixteenth Edition ...
 
Getting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAI
Getting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAIGetting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAI
Getting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAI
 
Arti Languages Pre Seed Teaser Deck 2024.pdf
Arti Languages Pre Seed Teaser Deck 2024.pdfArti Languages Pre Seed Teaser Deck 2024.pdf
Arti Languages Pre Seed Teaser Deck 2024.pdf
 
Putting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptxPutting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptx
 
Berhampur Call Girl Just Call 8084732287 Top Class Call Girl Service Available
Berhampur Call Girl Just Call 8084732287 Top Class Call Girl Service AvailableBerhampur Call Girl Just Call 8084732287 Top Class Call Girl Service Available
Berhampur Call Girl Just Call 8084732287 Top Class Call Girl Service Available
 
Uneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration PresentationUneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration Presentation
 
QSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptx
QSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptxQSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptx
QSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptx
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League City
 
Nashik Call Girl Just Call 7091819311 Top Class Call Girl Service Available
Nashik Call Girl Just Call 7091819311 Top Class Call Girl Service AvailableNashik Call Girl Just Call 7091819311 Top Class Call Girl Service Available
Nashik Call Girl Just Call 7091819311 Top Class Call Girl Service Available
 
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 Months
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60%  in 6 MonthsSEO Case Study: How I Increased SEO Traffic & Ranking by 50-60%  in 6 Months
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 Months
 
Jual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan Cytotec
Jual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan CytotecJual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan Cytotec
Jual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan Cytotec
 
GUWAHATI 💋 Call Girl 9827461493 Call Girls in Escort service book now
GUWAHATI 💋 Call Girl 9827461493 Call Girls in  Escort service book nowGUWAHATI 💋 Call Girl 9827461493 Call Girls in  Escort service book now
GUWAHATI 💋 Call Girl 9827461493 Call Girls in Escort service book now
 
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)Lundin Gold - Q1 2024 Conference Call Presentation (Revised)
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)
 
Ooty Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Avail...
Ooty Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Avail...Ooty Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Avail...
Ooty Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Avail...
 
Escorts in Nungambakkam Phone 8250092165 Enjoy 24/7 Escort Service Enjoy Your...
Escorts in Nungambakkam Phone 8250092165 Enjoy 24/7 Escort Service Enjoy Your...Escorts in Nungambakkam Phone 8250092165 Enjoy 24/7 Escort Service Enjoy Your...
Escorts in Nungambakkam Phone 8250092165 Enjoy 24/7 Escort Service Enjoy Your...
 
Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...
Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...
Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...
 
CROSS CULTURAL NEGOTIATION BY PANMISEM NS
CROSS CULTURAL NEGOTIATION BY PANMISEM NSCROSS CULTURAL NEGOTIATION BY PANMISEM NS
CROSS CULTURAL NEGOTIATION BY PANMISEM NS
 
Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...
Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...
Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...
 

What Is Cross-Origin Resource Sharing in Web Development.pdf

  • 1. What Is Cross-Origin Resource Sharing in Web Development Introduction Web development refers to the process of creating websites and web applications. It encompasses several disciplines like front-end development, back-end development, database management, server configuration etc. Some common types of web development include: • Static Website Development - Includes plain HTML, CSS, JavaScript sites. • Dynamic Website Development - Websites generated from server-side code like PHP, Python, Ruby etc. • Web Application Development - Complex software apps like social networks, e- commerce sites etc. • Progressive Web Apps - Mobile-first websites that work like native apps. • Single Page Applications - Apps that load single HTML page and update views without reloading. Cross-origin resource sharing (CORS) is an important concept in web development that allows resources to be requested from another domain outside the domain from which the resource originated. CORS defines a way for client web applications to access resources on a different domain than the one which served the application, enabling cross-domain data transfers. What is Cross-Origin Resource Sharing in Web Development Cross-origin resource sharing (CORS) is a mechanism that allows resources on a web page to be requested from another domain outside their own domain. It defines a way for the browser and server to interact securely via specified HTTP headers that determine whether or not to allow cross-origin requests. For example, a client-side web app served from https://domain-a.com makes a request for resources to https://domain-b.com. This is considered a cross-origin HTTP request. Without CORS, such cross-origin requests would be blocked by browsers by default as a security precaution. CORS provides a secure way to allow cross-origin requests by defining the following: • HTTP headers - Special headers like Origin, Access-Control-Allow-Origin indicate an appropriate cross-origin request. 
• Preflight requests - The browser makes an OPTIONS request to check if cross-origin request is allowed before making actual request.
  • 2. • Credentials transfer - Cookies, authentication etc can be securely sent cross-origin. So, in summary, CORS allows servers to specify who can access their resources through specified HTTP headers. And browsers use those headers to allow cross-origin requests accordingly in a secure manner. Purpose of CORS The main purposes of CORS are: • To enable secure cross-origin data transfers between browsers and servers. • To prevent cross-origin HTTP requests from other domains that servers do not permit. • To enable modern web application to access resources securely from multiple domains. • To remove restrictions on sharing resources cross-origin imposed due to the same-origin policy. The same-origin policy restricts resources like JS from accessing resources from different origins. CORS provides a secure mechanism to lift this restriction to enable valid cross-origin requests. Implementation of CORS CORS is implemented through the use of standard HTTP headers that allow servers and browsers to handle cross-origin requests securely: 1. Origin Header This header indicates the origin domain requesting the resource. It is added automatically by browsers to all cross-origin requests. Copy codeOrigin: <https://domain-a.com> 2. Access-Control-Allow-Origin This header specifies origins allowed to access resources on the server through CORS. The server sets this in response to preflight requests. Copy codeAccess-Control-Allow-Origin: <https://domain-a.com> 3. Preflight Request For complex requests browsers first send an OPTIONS request asking if cross-origin request is allowed. Server replies with access headers. 4. Credentials Headers
  • 3. Headers like Access-Control-Allow-Credentials indicate browsers whether cookies, authentication etc. can be sent cross-origin. Based on the permitted origins and headers set by servers, browsers determine whether cross- origin requests should be allowed or blocked. Why CORS is Important CORS is important and useful for the following reasons: • Enables cross-origin resource access - The primary benefit of CORS is it allows cross- domain resource access which is restricted by default otherwise. • Modern web apps require CORS - Modern JavaScript heavy apps served from one domain frequently need to access APIs on another domain. CORS enables this. • Secure data transfer - With CORS, credentials like cookies and login details can be securely sent cross-origin. • Flexibility - Resources can be used by multiple sites. Without CORS, cross-origin requests would always be blocked by browsers. • Performance - CORS allows assets like fonts to be stored on a CDN for better loading performance. • Responsive design - CORS enables content from different domains to be used on a responsive website or web app. So, in summary, CORS crucially enables cross-origin resource access on the modern web while still maintaining security protections of same-origin policy. Advantages and Disadvantages of CORS Some key advantages of using CORS include: • Secure cross-origin resource sharing. • Eliminates need for less secure techniques like JSONP. • Cookies and login credentials can be sent securely. • Easy to implement using standard HTTP headers. • Granular control for server on who can access resources. • Enables use of CDNs and assets across domains. Some potential disadvantages are: • Overhead of preflight request options check. • Access-Control headers can expose information about APIs. • Need to handle errors like CORS misconfiguration carefully. • Browsers may not support newer CORS features immediately. Is CORS a Cost Saving Factor?
  • 4. CORS can potentially lead to cost savings in certain cases: • CDN Usage - Resources like images, CSS and JS files can be stored on fast, cheaper CDNs instead of same domain. • Shared Resources - Common resources and APIs can be reused across different web apps reducing duplication. • Caching - Browsers can cache CORS resources leading to fewer requests. • Productivity - CORS makes web development in Kukatpally more flexible and productive by reducing cross-origin limitations. However, CORS requires properly configuring servers to handle preflight requests and headers which takes some effort. There is also the cost of initial implementation and testing of CORS. So overall, CORS enables cost savings through improved performance, caching, shared resources usage but requires upfront configuration investment. The benefits tend to outweigh the costs in the long run for modern web applications. Benefits of CORS Some major benefits provided by Cross-Origin Resource Sharing are: • Cross-domain requests - Enables AJAX and JavaScript/browser apps to make HTTP requests to another domain. • Access control - Server can specify origins allowed access through Access-Control headers. • Credentials transfer - Cookies, HTTPS authentication can securely be sent cross- origin. • Flexibility - Resources can be used easily across domains and origins. • Performance - Assets can be served from a high-speed CDN. Saves bandwidth. • Productivity - No need for less secure workarounds. Rapid API and resource sharing. • Responsive web - Components can be safely reused across sites enabling responsive design. Overall, CORS enables key web development capabilities like cross-domain requests, responsive design and performance which would not be possible otherwise due to same-origin policy restrictions. Who is Well Known for CORS in Web Development? 
Some major contributors that helped define and implement CORS for web development include: • W3C Web Applications Working Group - Developed the initial CORS specification and standards. • World Wide Web Consortium (W3C) - The main standards organization for the web that publishes CORS specs.
• Browser vendors - Major browsers like Chrome, Firefox, Safari implemented support for CORS.
• HTML 5 Working Group - Helped incorporate CORS into HTML 5 standard.
• HTTP Working Group - Defined relevant HTTP headers like Origin for CORS implementation.
• Modern web frameworks - Web development Frameworks like React, Angular, Vue.js adopted CORS to enable building complex apps.
• Web developers - Adoption of CORS in apps enabled more flexible and usable web experiences.
So, in summary, CORS emerged through the joint efforts of standards bodies, browser vendors, framework developers and the web dev community to meet the needs of complex modern web applications.
Why Colourmoon is the Best Web Development Company in Kukatpally
Colourmoon Technologies is well recognized as one of the leading web development companies based in Kukatpally, Hyderabad due to the following key strengths:
• Industry experience - 10+ years’ experience building 150+ web apps for global clients.
• Expertise - Specialists in latest web technologies like React, Node.js, Graph.
• Methodology - Proven Agile process ensures on-time delivery of scalable and user-friendly apps.
• Talent - Strong team of web architects, UI/UX designers, QA experts and digital marketers.
• Support - Provides ongoing maintenance and support even after project completion.
• Domain experience - Extensive experience in major industries like finance, healthcare, real estate.
• Trust - 100+ satisfied clients vouch for their professionalism, transparency and timely delivery.
• Awards - Recognized through global awards like AWS Advanced Consulting Partner status.
• Cost effective - Competitive pricing models like fixed cost projects and dedicated developer resources.
• Training - In-house training center Colourmoon Academy nurtures fresh talent.
• Innovation - Heavily invests in R&D of next-gen technologies like AI, ML.
So, if you are looking for an expert technology partner for web development services in Hyderabad and across India, Colourmoon Technologies is an ideal choice. Their expertise in latest web technologies combined with Agile processes enables delivery of innovative, scalable and award-winning web solutions.
Final Thoughts
In summary, Cross-Origin Resource Sharing (CORS) crucially enables cross-domain requests on the modern web by allowing servers to specify permitted origins through HTTP headers. CORS makes cross-origin data transfers more flexible and secure. The benefits like increased responsiveness and performance outweigh the minor disadvantages due to the extra preflight requests.
Leading web technology contributors like standards bodies, browser vendors and website frameworks were critical to the adoption of CORS.
For enterprises seeking an expert web development partner to build innovative solutions using such latest technologies, Colourmoon Technologies is an ideal choice. Their extensive experience, expertise in emerging technologies and proven methodology ensures delivery of award-winning web apps optimized for performance and scale.
FAQs
Q: What are the key CORS security features?
A: The main security features of CORS are preflight requests to check permissions, use of standard HTTP headers for access control, and options for securely sending credentials like cookies cross-origin.
Q: Does CORS completely replace JSONP?
A: CORS is the modern standard approach recommended for cross-origin requests instead of using less secure workarounds like JSONP which have risks. However, JSONP may still be used in some legacy apps not ready to implement CORS.
Q: What are examples of CORS headers?
A: Some common CORS headers are Origin, Access-Control-Allow-Origin, Access-Control-Allow-Credentials and Access-Control-Allow-Methods.
Q: How does CORS affect web performance?
A: Implemented properly, CORS improves performance through enabling CDN usage and browser caching of assets. The preflight requests add a bit of overhead which is usually insignificant for the benefits.
Q: What are the prerequisites to implement CORS?
A: CORS requires browser support, server configuration to handle OPTIONS requests and respond with appropriate headers, as well as testing cross-origin requests locally.
Thank you for reading my blog. If you are looking for the best website development, connect with us and build a responsive website.
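The server-side configuration named in the FAQ above (handling OPTIONS preflight requests and answering with the appropriate headers) can be sketched as a framework-free decision function; this is an added example, not code from the original post. The names `POLICY` and `corsDecision` are hypothetical, and the allowed origin reuses the page's own `https://domain-a.com` example.

```javascript
// Added example; function and policy names are hypothetical, not from the page.
const POLICY = {
  origins: new Set(["https://domain-a.com"]), // exact-match allowlist
  methods: ["GET", "POST", "PUT"],
  headers: ["content-type", "authorization"], // compared lower-cased
  credentials: true, // cookies allowed, so "*" must never be sent
  maxAge: 600, // seconds a browser may cache the preflight result
};

// req: { method, headers } with lower-cased header names (as Node's http gives).
// Returns { handled, status, headers }: handled=true means the preflight is
// answered here; handled=false means pass on to the app and add `headers`.
function corsDecision(req, policy = POLICY) {
  const origin = req.headers["origin"];
  const wantedMethod = req.headers["access-control-request-method"];
  const isPreflight = req.method === "OPTIONS" && !!origin && !!wantedMethod;
  const headers = { Vary: "Origin" }; // shared caches must key on Origin

  // Unknown or missing origin: send no Access-Control-* headers. The browser
  // then withholds the response from the calling page. The server still
  // receives non-preflighted requests, so CORS is not an authorization check.
  if (!origin || !policy.origins.has(origin)) {
    return isPreflight
      ? { handled: true, status: 403, headers }
      : { handled: false, status: null, headers };
  }

  // Echo the one matched origin instead of "*".
  headers["Access-Control-Allow-Origin"] = origin;
  if (policy.credentials) headers["Access-Control-Allow-Credentials"] = "true";
  if (!isPreflight) return { handled: false, status: null, headers };

  const wantedHeaders = (req.headers["access-control-request-headers"] || "")
    .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
  const permitted = policy.methods.includes(wantedMethod) &&
    wantedHeaders.every((h) => policy.headers.includes(h));
  if (!permitted) return { handled: true, status: 403, headers: { Vary: "Origin" } };

  headers["Access-Control-Allow-Methods"] = policy.methods.join(", ");
  headers["Access-Control-Allow-Headers"] = policy.headers.join(", ");
  headers["Access-Control-Max-Age"] = String(policy.maxAge);
  return { handled: true, status: 204, headers };
}

// Constructed preflight, as a browser would send before a JSON PUT.
const sample = { method: "OPTIONS", headers: { origin: "https://domain-a.com",
  "access-control-request-method": "PUT",
  "access-control-request-headers": "Content-Type" } };
console.log(corsDecision(sample));
```
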