Cross Origin Resource Sharing
Explore the fundamentals of Cross Origin Resource Sharing (CORS) and how it manages cross-domain AJAX requests through HTTP headers. Understand the security risks of same-origin policies, the use of Access-Control-Allow-Origin, and how browsers enforce CORS to protect user sessions and prevent unauthorized actions on your web application.
Same origin requests
In the browser, JavaScript can only trigger HTTP requests to the same origin the page was loaded from. Simply put, an AJAX request from example.com can only connect to example.com.
This is because your browser holds information that is valuable to an attacker: cookies, which are generally used to keep track of the user's session. Imagine an attacker setting up a malicious page at win-a-hummer.com that immediately triggers an AJAX request to your-bank.com. If you're logged in to the bank's website, the browser would attach your session cookie, and the attacker would be able to execute HTTP requests with your credentials, potentially stealing your information or, worse, wiping out your bank account.
Cross origin resource sharing directives
There might be some cases, though, that require you to execute cross-origin AJAX requests, and that is why browsers implement Cross Origin Resource Sharing (CORS), a set of directives that ...
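As an added example (not code from the original lesson), the function below shows how a server should decide what to put in Access-Control-Allow-Origin: an exact match against an allow-list, never a reflection of whatever Origin the browser sent. The allowed origins and the insecure contrasting variant are hypothetical.

```javascript
// Added example: server-side CORS decision logic. The allow-list entries are
// constructed for illustration; replace them with your own trusted origins.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://admin.example.com",
]);

// Returns the headers to add to a response for the given request Origin.
// If the origin is not trusted, only "Vary: Origin" is returned, so the
// browser blocks the cross-origin script from reading the response.
function corsHeaders(requestOrigin, { allowCredentials = false } = {}) {
  const headers = { Vary: "Origin" }; // caches must key on the Origin header
  if (typeof requestOrigin !== "string") return headers; // same-origin or non-browser client
  // Exact string comparison only. Prefix, suffix or regex matching is what lets
  // "https://app.example.com.evil.test" or the literal origin "null" through.
  if (!ALLOWED_ORIGINS.has(requestOrigin)) return headers;
  headers["Access-Control-Allow-Origin"] = requestOrigin;
  if (allowCredentials) {
    // Browsers refuse "*" combined with credentials, so a specific origin is
    // required here. Only enable this when cookies really must be sent.
    headers["Access-Control-Allow-Credentials"] = "true";
  }
  return headers;
}

// Weak variant, shown for contrast: echoing any Origin back together with
// credentials undoes the same-origin policy, because a page on
// win-a-hummer.com could then read authenticated responses from your-bank.com.
function reflectingCorsHeadersInsecure(requestOrigin) {
  return {
    "Access-Control-Allow-Origin": requestOrigin,
    "Access-Control-Allow-Credentials": "true",
  };
}
```

Plug corsHeaders into the response path of your HTTP framework and pass req.headers.origin to it; the browser will enforce the result on the client side.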