Repository navigation
Cross-origin resource sharing (CORS)
Created by WHATWG, Matt Oshry, Brad Porter, Michael Bodell, Tellme Networks
发布于 May 2006
- Website
- fetch.spec.whatwg.org
- Wikipedia
- 维基百科
相关主题
AjaxCross-origin resource sharing (CORS) is a mechanism that allows restricted resources on a web page to be accessed from another domain outside the domain from which the first resource was served. CORS also relies on a mechanism by which browsers make a "preflight" request to the server hosting the cross-origin resource, in order to check that the server will permit the actual request. In that preflight, the browser sends headers that indicate the HTTP method and headers that will be used in the actual request. For security reasons, browsers restrict cross-origin HTTP requests initiated from scripts. For example, fetch() and XMLHttpRequest follow the same-origin policy. This means that a web application using those APIs can only request resources from the same origin the application was loaded from unless the response from other origins includes the right CORS headers.
Resource types
- Invocations of
fetch()orXMLHttpRequest - Web Fonts (for cross-domain font usage in
@font-facewithin CSS), so that servers can deploy TrueType fonts that can only be loaded cross-origin and used by websites that are permitted to do so - WebGL textures
- Images/video frames drawn to a canvas using
drawImage() - CSS shapes from images
- scripts
- iframes
Adds CORS (Cross-Origin Resource Sharing) headers support in your Laravel application
Node.js CORS middleware
Django app for handling the server headers required for Cross-Origin Resource Sharing (CORS)
💖 ASP.NET Core 8.0 全家桶教程,前后端分离后端接口,vue教程姊妹篇,官方文档:
Selfhosted alternative to 12ft.io. and 1ft.io bypass paywalls with a proxy ladder and remove CORS headers from any URL
A pure JavaScript CORS alternative
🔋 Starter project for an ES6 RESTful Express API.
Adds CORS (Cross-Origin Resource Sharing) headers support in your Symfony application
CORS Misconfiguration Scanner
vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.
A Laravel 5.8 API Boilerplate to create a ready-to-use REST API in seconds.
🎯 Fast CORS misconfiguration vulnerabilities scanner
REST API boilerplate using NodeJS and KOA2, typescript. Logging and JWT as middlewares. TypeORM with class-validator, SQL CRUD. Docker included. Swagger docs, actions CI and valuable README
.Net 8 、SqlSugar ORM、Vue 2.X、RBAC、前后端分离的开箱则用的企业级中后台权限管理系统
Cross Origin Resource Sharing ( CORS ) support for Flask
🛡 Automatically configure your app to follow OWASP security patterns and principles by using HTTP Headers and Middleware
👽 Pull content from any page as JSON via API
⛓ Extract web links information: title, description, images, videos, etc. [via OpenGraph], runs on mobiles and node.