Cross-Origin Resource Sharing (CORS) is a security mechanism enforced by web browsers that controls
how a web page from one origin (scheme, host and port) may read resources served by another origin.
How CORS Works:
- Browser sends a preflight OPTIONS request before any request that is not "simple" (non-standard methods, custom headers, or uncommon Content-Type values)
- Server responds with allowed origins, methods, and headers
- Browser allows or blocks the actual request based on the response
Important CORS Headers:
- Access-Control-Allow-Origin: Specifies allowed origins
- Access-Control-Allow-Methods: Specifies allowed HTTP methods
- Access-Control-Allow-Headers: Specifies allowed request headers
- Access-Control-Max-Age: Specifies preflight cache duration
- Access-Control-Allow-Credentials: Allows cookies and other credentials to be sent with the request and the response to be read
Common CORS Issues:
- Missing Access-Control-Allow-Origin header
- Wildcard (*) origin combined with Access-Control-Allow-Credentials: true (browsers reject this combination)
- Preflight request failures (non-2xx OPTIONS response, or CORS headers missing from it)
- Incorrect method or header permissions
Note: CORS is enforced only by the browser. Server-to-server requests and tools such as curl
do not apply CORS policies, so CORS is not a server-side access control. This tool simulates the browser's CORS checks.
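The following is an added example, not code from the page or from the tool it describes. It simulates the browser-side decision sketched in the sections above: whether a request is "simple" or needs a preflight, whether the preflight's origin, method and header permissions cover the request, and whether the wildcard/credentials and missing-header cases are rejected. The request and response objects are constructed shapes for illustration; the rules follow the Fetch standard's CORS protocol, simplified (no redirects, no Access-Control-Expose-Headers, no preflight cache).

```javascript
// Added example: a simplified simulation of a browser's CORS checks.
// Request/response objects below are constructed, not captured traffic.

const SAFE_METHODS = new Set(['GET', 'HEAD', 'POST']);
const SAFE_HEADERS = new Set(['accept', 'accept-language', 'content-language', 'content-type']);
const SAFE_CONTENT_TYPES = new Set([
  'application/x-www-form-urlencoded',
  'multipart/form-data',
  'text/plain',
]);

// Header names are case-insensitive; normalise to lower-case keys.
function normalizeHeaders(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers || {})) {
    out[name.toLowerCase()] = String(value).trim();
  }
  return out;
}

// Request headers that are NOT CORS-safelisted and must therefore appear in
// the preflight's Access-Control-Allow-Headers (Content-Type counts as unsafe
// unless its MIME type is one of the three safelisted values).
function unsafeHeaderNames(headers) {
  const h = normalizeHeaders(headers);
  return Object.keys(h).filter((name) => {
    if (!SAFE_HEADERS.has(name)) return true;
    if (name === 'content-type') {
      const mime = h[name].split(';')[0].trim().toLowerCase();
      return !SAFE_CONTENT_TYPES.has(mime);
    }
    return false;
  });
}

// A request is "simple" (sent without preflight) only when its method is
// GET/HEAD/POST and every header is safelisted.
function needsPreflight(request) {
  return !SAFE_METHODS.has(request.method.toUpperCase())
    || unsafeHeaderNames(request.headers).length > 0;
}

function splitList(value) {
  return (value || '').split(',').map((s) => s.trim()).filter(Boolean);
}

// Check the Access-Control-Allow-Origin / Access-Control-Allow-Credentials pair
// the way a browser does. Returns null when acceptable, else a reason string.
function checkOrigin(requestOrigin, credentials, headers) {
  const allowOrigin = headers['access-control-allow-origin'];
  const allowCreds = headers['access-control-allow-credentials'];
  if (allowOrigin === undefined) return 'missing Access-Control-Allow-Origin';
  if (allowOrigin === '*') {
    return credentials ? 'wildcard "*" origin is rejected when credentials are sent' : null;
  }
  if (allowOrigin !== requestOrigin) return `origin ${requestOrigin} not allowed (server sent ${allowOrigin})`;
  if (credentials && allowCreds !== 'true') return 'credentialed request needs Access-Control-Allow-Credentials: true';
  return null;
}

// Full decision: preflight (when required) followed by the actual response check.
// preflightResponse may be null when the request is simple.
function simulateCors(request, preflightResponse, actualResponse) {
  const creds = Boolean(request.credentials);
  const method = request.method.toUpperCase();
  if (needsPreflight(request)) {
    if (!preflightResponse) return { allowed: false, reason: 'preflight required but no OPTIONS response' };
    if (preflightResponse.status < 200 || preflightResponse.status > 299) {
      return { allowed: false, reason: `preflight failed with HTTP ${preflightResponse.status}` };
    }
    const ph = normalizeHeaders(preflightResponse.headers);
    const originErr = checkOrigin(request.origin, creds, ph);
    if (originErr) return { allowed: false, reason: `preflight: ${originErr}` };
    // "*" in Allow-Methods / Allow-Headers is honoured only for non-credentialed
    // requests, and never covers the Authorization header.
    const allowedMethods = splitList(ph['access-control-allow-methods']).map((m) => m.toUpperCase());
    const methodOk = SAFE_METHODS.has(method) || allowedMethods.includes(method)
      || (!creds && allowedMethods.includes('*'));
    if (!methodOk) return { allowed: false, reason: `preflight: method ${method} not allowed` };
    const allowedHeaders = splitList(ph['access-control-allow-headers']).map((h) => h.toLowerCase());
    for (const name of unsafeHeaderNames(request.headers)) {
      const ok = allowedHeaders.includes(name)
        || (!creds && name !== 'authorization' && allowedHeaders.includes('*'));
      if (!ok) return { allowed: false, reason: `preflight: header ${name} not allowed` };
    }
  }
  const originErr = checkOrigin(request.origin, creds, normalizeHeaders(actualResponse.headers));
  if (originErr) return { allowed: false, reason: originErr };
  return { allowed: true, reason: 'ok' };
}

// Constructed scenario: a credentialed JSON PUT from https://app.example (placeholder origin).
const demoRequest = {
  origin: 'https://app.example',
  method: 'PUT',
  headers: { 'Content-Type': 'application/json', 'X-Request-Id': 'abc' },
  credentials: true,
};
const demoPreflight = {
  status: 204,
  headers: {
    'Access-Control-Allow-Origin': 'https://app.example',
    'Access-Control-Allow-Credentials': 'true',
    'Access-Control-Allow-Methods': 'GET, PUT',
    'Access-Control-Allow-Headers': 'Content-Type, X-Request-Id',
    'Access-Control-Max-Age': '600',
  },
};
console.log(simulateCors(demoRequest, demoPreflight, { status: 200, headers: demoPreflight.headers }));
```

Changing the demo's `Access-Control-Allow-Origin` to `*` while keeping `credentials: true`, dropping `PUT` from `Access-Control-Allow-Methods`, or returning a 403 from the preflight each produces a blocked result with a reason matching one of the common issues listed above.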