CORS (Cross-Origin Resource Sharing)

Jun 26, 2025


Cross-Origin Resource Sharing (CORS) is a mechanism that uses HTTP headers to define the origins from which the browser permits loading resources.

Same-Origin Policy (SOP)

The Same-Origin Policy (SOP) is a rule enforced by the browser to control access to data between web applications.

Suppose you are running two web applications in two different tabs of your browser: one is a bank application and the other is a shopping application. By default, the interaction between these two applications is limited.

Suppose you are logged in to your bank web application in your browser and you visit the shopping website, which is malicious and built to access your bank web application to obtain sensitive information from it. To prevent this kind of thing, web browsers implement a feature called the SOP.

This does not prevent writing between web applications; it prevents reading between web applications.

Read access is based on the origin of the request.

For example, if your browser sees that a request to read data from the bank web application originated from the malicious shopping web application, it will block the access because of the SOP.
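The read check described above, combined with the CORS header opt-in from the introduction, as a simplified model. This is an added example, not code from the original article; the `bank.example` and `shop.example` URLs and the function names are constructed for illustration, and preflight requests are left out.

```javascript
// Simplified model of the browser's decision: may a script running on
// pageUrl read the response it fetched from targetUrl?
// SOP does not stop the request from being sent; it gates reading the response.

// An origin is scheme + host + port; URL.origin serializes exactly that.
function originOf(url) {
  return new URL(url).origin;
}

function isSameOrigin(a, b) {
  return originOf(a) === originOf(b);
}

// responseHeaders: plain object keyed by lower-case header name.
// withCredentials: true when cookies were attached to the request.
function canReadResponse(pageUrl, targetUrl, responseHeaders = {}, withCredentials = false) {
  if (isSameOrigin(pageUrl, targetUrl)) return true; // same origin: always readable

  const allowOrigin = responseHeaders["access-control-allow-origin"];
  if (!allowOrigin) return false; // server did not opt in via CORS: read blocked

  if (withCredentials) {
    // Credentialed reads need an exact origin match (the "*" wildcard is
    // rejected) plus Access-Control-Allow-Credentials: true.
    return allowOrigin === originOf(pageUrl) &&
      responseHeaders["access-control-allow-credentials"] === "true";
  }
  return allowOrigin === "*" || allowOrigin === originOf(pageUrl);
}

// Constructed sample data: a shopping page trying to read a bank response.
const shop = "https://shop.example/checkout";
const bank = "https://bank.example/api/balance";

console.log(canReadResponse(shop, bank)); // no CORS headers from the bank
console.log(canReadResponse(shop, bank,
  { "access-control-allow-origin": "*" }, true)); // wildcard with cookies
console.log(canReadResponse(shop, bank, {
  "access-control-allow-origin": "https://shop.example",
  "access-control-allow-credentials": "true",
}, true)); // explicit opt-in for this origin
```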

What is an Origin?

In web security, the Origin refers to where a request is coming from. For example, if your site is at https://example.com, and it receives a request…


Written by Yash Pawar @HackersParadise

Specialized in Penetration Testing, Vulnerability Assessments, Web Application Penetration Testing, Mobile Application Penetration Testing and SOC.
