Hey, Allocaters! Hoping you are good wherever you are. Today, want to share about something cute named CORS. Because it isn't April 1st, I will not give you any kind of fake information absolutely.
So, what's CORS?
Cross-origin Resource Sharing (CORS) is a mechanism that allows restricted resource on a web page to be requested from another domain outside the domain which the first resource was served. [1]
Simply, we often use CORS if our application will interact with some kinds of external resources (API). In this case, our allocateam project is dividing the front-end and the back-end into different microservices, and the back-end is served as a API. So, we have to use CORS to be allowed accessing the API.
There are many ways and modifications that can be applied when we are going to use CORS. The simplest way is put the Access-Control-Allow-Origin: http://www.example.com in the response's header on the requested resource. http://www.example.com is an example of the allowed domain. We also can change the link to be * to allow all domains, according to the credentials and functionality of the service. So CORS can support the security of our application.
I think that's enough. Maybe in the future I will discuss more about the functionality of CORS along the development of allocateam that will modify -a lot- the features of CORS.
See you!
Reference
[1] July 6, 2009 by Arun Ranganathan (2009-07-06). "cross-site xmlhttprequest with CORS ✩ Mozilla Hacks – the Web developer blog". Hacks.mozilla.org. Retrieved 2012-07-05.
0 komentar:
Post a Comment