CORS protocol

E242816

The CORS protocol is a web security mechanism that controls how browsers permit cross-origin HTTP requests, enabling safe resource sharing between different domains.

All labels observed (4)

Label Occurrences
CORS 2
Cross-Origin Resource Sharing 2
CORS protocol canonical 1

How this entity was disambiguated

Statements (50)

Predicate Object
instanceOf Browser security feature
Cross-origin resource sharing mechanism
Web security mechanism
abbreviation CORS protocol self-linksurface differs
surface form: CORS
allows Cross-origin DELETE requests when permitted by server
Cross-origin GET requests when permitted by server
Cross-origin POST requests when permitted by server
Cross-origin PUT requests when permitted by server
Cross-origin custom headers when permitted by server
appliesTo HTTP protocol
Web browsers
basedOn Same-origin policy
configuredBy Resource server
controls Cross-origin HTTP requests
definedIn CORS processing model
surface form: W3C CORS specification
enforcedBy User agent
fullName CORS protocol self-linksurface differs
surface form: Cross-Origin Resource Sharing
governs Which HTTP methods are allowed cross-origin
Which origins may access a resource
Which request headers are allowed cross-origin
Which response headers are exposed to JavaScript
implementedBy Modern web browsers
purpose Enable safe resource sharing between different origins
Prevent unauthorized cross-origin requests
Relax same-origin policy in a controlled way
relatedTo AJAX
Fetch API
Same-origin policy
AJAX
surface form: XMLHttpRequest
requiresForCredentials Access-Control-Allow-Credentials: true
Non-wildcard Access-Control-Allow-Origin value
restricts Reading responses from disallowed origins
securityProperty Does not protect the server itself but protects browser users
Relies on server-specified policy
standardizedBy World Wide Web Consortium
surface form: W3C
supports Credentialed requests
Non-credentialed requests
Preflighted requests
Simple requests
supportsCredentials true
usesHeader Access-Control-Allow-Credentials
Access-Control-Allow-Headers
Access-Control-Allow-Methods
Access-Control-Allow-Origin
Access-Control-Expose-Headers
Access-Control-Max-Age
Access-Control-Request-Headers
Access-Control-Request-Method
Origin
usesMechanism Preflight OPTIONS request for non-simple requests

How these facts were elicited

Referenced by (6)

Full triples — surface form annotated when it differs from this entity's canonical label.

Fetch Standard defines CORS protocol
CORS protocol fullName CORS protocol self-linksurface differs
this entity surface form: Cross-Origin Resource Sharing
CORS protocol abbreviation CORS protocol self-linksurface differs
this entity surface form: CORS
CORS processing model definedInStandard CORS protocol
this entity surface form: Cross-Origin Resource Sharing specification
Open Web Platform hasComponent CORS protocol
this entity surface form: CORS
W3C Web Application technologies includesStandard CORS protocol
this entity surface form: Cross-Origin Resource Sharing