CORS
Cross-Origin Resource Sharing: a security mechanism that controls which domains can access your API. The browser enforces it; the server configures it.
What is CORS?
Cross-Origin Resource Sharing: a security mechanism that controls which domains can access your API. The browser enforces it; the server configures it.
CORS is a intermediate-level concept that sits in the Security Architecture area of system design. Engineers reach for it whenever they need to reason about real-world trade-offs in that space — not just for textbook correctness, but because real production systems at companies like Netflix, Amazon, and Google make these decisions every day.
If you want to go deeper than this definition — with diagrams, code, and a quiz to lock it in — work through the "CORS" lesson linked below. It walks through the why, the mechanism, the trade-offs, and how the giants actually use it in production.
Learn CORS in depth
Full interactive lesson with diagrams, code examples, real-world references, and a quiz.
Open the CORS lessonRelated lessons
Lessons that touch on CORS as part of a larger topic.
See also
Related glossary terms you might want to look up next.
HTTP
The protocol powering the web. A request-response model where clients ask for resources and servers respond. Stateless by design.
REST API
An architectural style for building APIs using standard HTTP methods (GET, POST, PUT, DELETE). Resources are identified by URLs.
SSL/TLS
Cryptographic protocols that encrypt data in transit between client and server. TLS is the modern successor to SSL. The 'S' in HTTPS.