CORS, or Cross-Origin Resource Sharing, is a web security feature implemented in browsers. Its main purpose is to restrict web pages so that resources coming from one origin (domain) cannot be accessed from another origin.
Under the web security policy, browsers limit a web page's JavaScript code so that it can access only the resources of its own origin. If a web page tries to access resources of another origin, CORS will block that request.
How CORS works:
1. Origin Header: The server response carries the "Access-Control-Allow-Origin" header, which lists the origins from which requests are allowed. If this header is missing or does not match the specified origin, the browser will block the request.
2. HTTP Methods: CORS specifies which HTTP methods (GET, POST, etc.) are allowed. If the server does not allow a method, the browser will block the request.
3. Headers: CORS lets the server specify which headers are allowed for a cross-origin request.
4. Credentials: If you are sending a cross-origin request with credentials (such as cookies or HTTP authentication), the server has to allow it with the "Access-Control-Allow-Credentials" header.
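The four checks above, written out as a simplified model of the decision a browser makes (an added example, not code from the original page). The function name `corsCheck`, the request/response object shapes and the `app.example` origin are assumptions made for illustration.

```javascript
// Simplified model of the browser-side CORS decision; not a full Fetch implementation.
// corsCheck, tokens and the object shapes are hypothetical names for this example.
const SAFE_METHODS = ["GET", "HEAD", "POST"];
// Content-Type is safelisted only for a few values, so this model requires approval for it.
const SAFE_HEADERS = ["accept", "accept-language", "content-language"];
const tokens = (v) => (v || "").split(",").map((t) => t.trim().toLowerCase()).filter(Boolean);

// req: { origin, method, headers: [names], credentials: bool }; res: lower-cased header map.
function corsCheck(req, res) {
  const allowOrigin = res["access-control-allow-origin"];
  // 1. Origin: a missing header or a mismatch blocks the request.
  if (!allowOrigin) return { allowed: false, reason: "missing Access-Control-Allow-Origin" };
  if (allowOrigin === "*") {
    // The wildcard is not honoured when credentials are sent.
    if (req.credentials) return { allowed: false, reason: "wildcard origin with credentials" };
  } else if (allowOrigin !== req.origin) {
    return { allowed: false, reason: "origin not allowed" };
  }
  // 4. Credentials: the server must opt in with the literal value "true".
  if (req.credentials && res["access-control-allow-credentials"] !== "true") {
    return { allowed: false, reason: "credentials not allowed" };
  }
  // 2. Methods: anything beyond GET/HEAD/POST must be listed by the server.
  const method = req.method.toUpperCase();
  const methods = tokens(res["access-control-allow-methods"]);
  const wild = (list) => !req.credentials && list.includes("*");
  if (!SAFE_METHODS.includes(method) && !wild(methods) && !methods.includes(method.toLowerCase())) {
    return { allowed: false, reason: "method not allowed" };
  }
  // 3. Headers: non-safelisted request headers must be listed (Authorization never via "*").
  const allowedHeaders = tokens(res["access-control-allow-headers"]);
  for (const h of req.headers.map((x) => x.toLowerCase())) {
    const listed = allowedHeaders.includes(h) || (wild(allowedHeaders) && h !== "authorization");
    if (!SAFE_HEADERS.includes(h) && !listed) {
      return { allowed: false, reason: "header not allowed: " + h };
    }
  }
  return { allowed: true, reason: "ok" };
}

// Constructed sample response from a server that allows one specific origin.
const sampleResponse = {
  "access-control-allow-origin": "https://app.example",
  "access-control-allow-methods": "GET, PUT",
  "access-control-allow-headers": "X-Token",
  "access-control-allow-credentials": "true",
};
console.log(corsCheck({ origin: "https://app.example", method: "PUT", headers: ["X-Token"], credentials: true }, sampleResponse));
```

The wildcard branch shows why a server that needs cookies has to name the exact origin: `*` together with credentials is rejected by the browser.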
CORS enhances security because it helps prevent unauthorized access, but configuring it correctly is important so that legitimate requests are not blocked.