Preface
Three years ago, I wrote an article: Easy Understanding of AJAX and Cross-Origin Requests, which mentioned API integration, AJAX, same-origin policy, JSONP, and CORS. At that time, I put everything I wanted to say into it, but looking back now, it seems that many important parts were not mentioned.
Three years later, I am challenging this topic again and trying to express it more completely.
The reason why I want to write this series is that CORS is a frequently asked topic in programming-related discussion forums, and both front-end and back-end developers may ask related questions.
So I thought: “Okay, then I’ll write a series. I want to try to write this topic so that everyone who encounters CORS problems will come to see this series, and after reading it, they will know how to solve the problem.” This is my goal for this article. If the quality of the article cannot achieve this goal, I will continue to improve it.
This series consists of six articles:
- CORS Complete Guide (Part 1): Why CORS Errors Occur?
- CORS Complete Guide (Part 2): How to Solve CORS Problems?
- CORS Complete Guide (Part 3): CORS Detailed Explanation
- CORS Complete Guide (Part 4): Let’s Look at the Specification Together
- CORS Complete Guide (Part 5): Security Issues of Cross-Origin Requests
- CORS Complete Guide (Part 6): Summary, Afterword, and Leftovers
It will start from the same-origin policy, then talk about why there are errors when accessing resources across origins, and then talk about how to solve CORS-related problems correctly and incorrectly. The third article will explain in detail the detailed process of cross-origin requests, such as preflight requests.
The basic part is enough to read the first three articles, and the following will be a bit deeper. The fourth article will take you to look at the spec together, proving that the previous articles were not nonsense, and the fifth article will show you cross-origin-related regulations such as CORB (Cross-Origin Read Blocking), COEP (Cross-Origin Embedder Policy), or COOP (Cross-Origin-Opener-Policy), and related security issues. The last article will be some scattered topics and thoughts.