CORS protocol
E242816
The CORS protocol is a web security mechanism that controls how browsers permit cross-origin HTTP requests, enabling safe resource sharing between different domains.
All labels observed (4)
| Label | Occurrences |
|---|---|
| CORS | 2 |
| Cross-Origin Resource Sharing | 2 |
| CORS protocol canonical | 1 |
| Cross-Origin Resource Sharing specification | 1 |
How this entity was disambiguated
This entity first appeared as the object of triple T2174714 — resolving that mention is where its identity was fixed. The disambiguator weighed these candidate entities and picked the highlighted one (or “None”, minting a new entity). This is how homonymy is resolved: the same surface form can point to different entities.
Target entity: CORS protocol Context triple: [Fetch Standard, defines, CORS protocol]
-
A.
RFC 7235
RFC 7235 is an IETF specification that defined the HTTP/1.1 authentication framework, including the use of challenge-response mechanisms like Basic and Digest authentication.
-
B.
RFC 7230
RFC 7230 is an IETF standard that specifies the core message syntax and routing semantics for the Hypertext Transfer Protocol (HTTP/1.1), including its use over secure transport like HTTPS.
-
C.
HTTP
HTTP (Hypertext Transfer Protocol) is the foundational application-layer protocol used for transmitting web pages and other resources across the World Wide Web.
-
D.
CSP
CSP is the commonly used abbreviation for the Conference of the States Parties, the main decision-making body overseeing implementation of the Chemical Weapons Convention.
-
E.
HTTPS
HTTPS is the secure version of the HTTP protocol that encrypts data exchanged between a client and server to protect confidentiality and integrity on the web.
- F. None of above. chosen
- G. Unsure - the case is ambiguous/there is not enough information to decide.
Target entity: CORS protocol Target entity description: The CORS protocol is a web security mechanism that controls how browsers permit cross-origin HTTP requests, enabling safe resource sharing between different domains.
-
A.
RFC 7235
RFC 7235 is an IETF specification that defined the HTTP/1.1 authentication framework, including the use of challenge-response mechanisms like Basic and Digest authentication.
-
B.
RFC 7230
RFC 7230 is an IETF standard that specifies the core message syntax and routing semantics for the Hypertext Transfer Protocol (HTTP/1.1), including its use over secure transport like HTTPS.
-
C.
HTTP
HTTP (Hypertext Transfer Protocol) is the foundational application-layer protocol used for transmitting web pages and other resources across the World Wide Web.
-
D.
CSP
CSP is the commonly used abbreviation for the Conference of the States Parties, the main decision-making body overseeing implementation of the Chemical Weapons Convention.
-
E.
HTTPS
HTTPS is the secure version of the HTTP protocol that encrypts data exchanged between a client and server to protect confidentiality and integrity on the web.
- F. None of above. chosen
Statements (50)
| Predicate | Object |
|---|---|
| instanceOf |
Browser security feature
ⓘ
Cross-origin resource sharing mechanism ⓘ Web security mechanism ⓘ |
| abbreviation |
CORS protocol
self-linksurface differs
ⓘ
surface form:
CORS
|
| allows |
Cross-origin DELETE requests when permitted by server
ⓘ
Cross-origin GET requests when permitted by server ⓘ Cross-origin POST requests when permitted by server ⓘ Cross-origin PUT requests when permitted by server ⓘ Cross-origin custom headers when permitted by server ⓘ |
| appliesTo |
HTTP protocol
ⓘ
Web browsers ⓘ |
| basedOn | Same-origin policy ⓘ |
| configuredBy | Resource server ⓘ |
| controls | Cross-origin HTTP requests ⓘ |
| definedIn |
CORS processing model
ⓘ
surface form:
W3C CORS specification
|
| enforcedBy | User agent ⓘ |
| fullName |
CORS protocol
self-linksurface differs
ⓘ
surface form:
Cross-Origin Resource Sharing
|
| governs |
Which HTTP methods are allowed cross-origin
ⓘ
Which origins may access a resource ⓘ Which request headers are allowed cross-origin ⓘ Which response headers are exposed to JavaScript ⓘ |
| implementedBy | Modern web browsers ⓘ |
| purpose |
Enable safe resource sharing between different origins
ⓘ
Prevent unauthorized cross-origin requests ⓘ Relax same-origin policy in a controlled way ⓘ |
| relatedTo |
AJAX
ⓘ
Fetch API ⓘ Same-origin policy ⓘ AJAX ⓘ
surface form:
XMLHttpRequest
|
| requiresForCredentials |
Access-Control-Allow-Credentials: true
ⓘ
Non-wildcard Access-Control-Allow-Origin value ⓘ |
| restricts | Reading responses from disallowed origins ⓘ |
| securityProperty |
Does not protect the server itself but protects browser users
ⓘ
Relies on server-specified policy ⓘ |
| standardizedBy |
World Wide Web Consortium
ⓘ
surface form:
W3C
|
| supports |
Credentialed requests
ⓘ
Non-credentialed requests ⓘ Preflighted requests ⓘ Simple requests ⓘ |
| supportsCredentials | true ⓘ |
| usesHeader |
Access-Control-Allow-Credentials
ⓘ
Access-Control-Allow-Headers ⓘ Access-Control-Allow-Methods ⓘ Access-Control-Allow-Origin ⓘ Access-Control-Expose-Headers ⓘ Access-Control-Max-Age ⓘ Access-Control-Request-Headers ⓘ Access-Control-Request-Method ⓘ Origin ⓘ |
| usesMechanism | Preflight OPTIONS request for non-simple requests ⓘ |
How these facts were elicited
The pipeline generated the facts above by prompting gpt-5.1 with this entity's name + description and the instruction below.
You are a knowledge base construction expert. Given a subject entity and a description of it, return factual statements that you know for the subject as a JSON list of dictionaries(triples), where keys must be "subject", "predicate" and "object". The number of facts may be very high, between 25 to 50 or more, for very popular subjects. For less popular subjects, the number of facts can be very low, like 5 or 10. # Requirements - If you don't know the subject at all, return an empty list. - If the subject is not a named entity, return an empty list. - Include at least one triple where predicate is "instanceOf". - Do not get too wordy. - Separate several objects into multiple triples with one object.
Subject: CORS protocol Description of subject: The CORS protocol is a web security mechanism that controls how browsers permit cross-origin HTTP requests, enabling safe resource sharing between different domains.
Referenced by (6)
Full triples — surface form annotated when it differs from this entity's canonical label.