Security
CORS
Cross-Origin Resource Sharing, a mechanism that controls which domains can access your API.
Why it matters
- Prevents unauthorized cross-site requests
- Required for browser-based API access
- Protects against certain attack vectors
When to use
- When your API is accessed from different domains
- For any web application with a separate API
- When building public APIs
Common mistakes
- Using wildcard origins in production
- Not understanding preflight requests
- Misconfiguring allowed methods and headers
Related terms
Need help implementing?
Ready to build with CORS?
Let us help you implement this in your project.