Cross-origin resource sharing (CORS) topic

Cross-origin resource sharing (CORS) is a mechanism that allows restricted resources on a web page to be accessed from a domain other than the one from which the first resource was served. CORS also relies on a mechanism by which browsers make a "preflight" request to the server hosting the cross-origin resource, in order to check that the server will permit the actual request. In that preflight, the browser sends headers that indicate the HTTP method and headers that will be used in the actual request. For security reasons, browsers restrict cross-origin HTTP requests initiated from scripts. For example, fetch() and XMLHttpRequest follow the same-origin policy. This means that a web application using those APIs can only request resources from the same origin the application was loaded from, unless the response from other origins includes the right CORS headers.

Resource types

  • Invocations of fetch() or XMLHttpRequest
  • Web Fonts (for cross-domain font usage in @font-face within CSS), so that servers can deploy TrueType fonts that can only be loaded cross-origin and used by websites that are permitted to do so
  • WebGL textures
  • Images/video frames drawn to a canvas using drawImage()
  • CSS shapes from images
  • scripts
  • iframes

List of Cross-origin resource sharing (CORS) repositories

YellowNotes

Stars: 33, Forks: 22

Sample ASP.NET Web API project with OAuth authentication and many other extensions.

cloudflare-cors-anywhere

Stars: 588, Forks: 219

CORS "anywhere" proxy in a Cloudflare worker. DEMO at: https://test.cors.workers.dev/

java-sec-code

Stars: 2.3k, Forks: 615

Java web common vulnerabilities and security code, based on Spring Boot and Spring Security

iris

Stars: 25.0k, Forks: 2.5k

The fastest HTTP/2 Go Web Framework. New, modern and easy to learn. Fast development with Code you control. Unbeatable cost-performance ratio

laravel-cors

Stars: 602, Forks: 60

Send CORS headers in a Laravel application

CORScanner

Stars: 989, Forks: 176

🎯 Fast CORS misconfiguration vulnerabilities scanner

XRCross

Stars: 322, Forks: 69

XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities

web-security-fundamentals

Stars: 255, Forks: 116

Mike North's Web Security Course

spring-boot-start-current

Stars: 254, Forks: 88

Spring Boot scaffold: MyBatis, Spring Security, JWT permissions, Spring Cache + Redis

node-typescript-koa-rest

Stars: 995, Forks: 173

REST API boilerplate using NodeJS and KOA2, typescript. Logging and JWT as middlewares. TypeORM with class-validator, SQL CRUD. Docker included. Swagger docs, actions CI and valuable README