WEB/Security

Lesson 10 - (Cross-Origin Resource Sharing) CORS

Tony Lim 2022. 5. 6. 13:08
728x90

example.com -> example.org (process request) send response -> browser won't allow because domain is different from example.com -> throw error

notice method (org) still get called but the response is getting blocked

csrf totally blocks method calling even request. it is the difference

we can have whitelist and allow some domain(origin)

 

preflight request = test request if endpoint is alive?

cors can be configured jsut like csrf with lambda

 

 

 

728x90