Tiny Frontend Logo
Posts 0110

On This Page

1. What's Happening Behind the Scenes?
2. Cross-Origin Request
3. Enable CORS with Headers
4. Conclusion

Cross-Origin Resource Sharing (CORS)

Please imagine you're building a spiffy weather application using JavaScript and you want to display live weather data from a popular weather service.

async function fetchWeatherData () {
    const response = await fetch(
        'https://api.weather.com'
    );
    console.log('weather', response);
}

You fire up your application, open the browser console, and… nothing. No weather data!!!

What's Happening Behind the Scenes?

Browser performs a Cross-Origin Resource Sharing (CORS) check by default. It's a security mechanism that prevents unauthorized cross-origin requests.

The JavaScript code running on tinyfrontend.com cannot directly fetch data from api.weather.com using fetch() or XMLHttpRequest.

This restriction is essential for security—otherwise, malicious sites could wreak havoc by making unauthorized requests to other domains.

Cross-Origin Request

A cross-origin request refers to any situation where a web page attempts to access resources from a server with a different origin than its own.

An origin domain is a combination of 3 parts:

  1. Protocol: This defines how communication happens between the browser and the server. (e.g, http or https)
  2. Domain name: This is the web address you see in the URL bar (e.g., tinyfrontend.com).
  3. Port number: This is a specific port on the server designated for communication. (e.g., 80 for http, 443 for https)

Example

Here are a few examples:

Subscribe to read the full content

* Free subscribe to enjoy full content access.
* You can cancel anytime with 1-click.

Read Next

0109

Cross-Site Scripting (XSS) in JavaScript

Cross-Site Scripting (XSS) is a web security vulnerability that allows an attacker to inject malicious code into a web page that is viewed by other users.

Cross-Site Scripting (XSS) in JavaScript 0108

Multiple Promises Handling in JavaScript

Promises are a powerful way to handle asynchronous operations in JavaScript. They allow us to write clean and readable code, without using callbacks or nested functions.

Multiple Promises Handling in JavaScript 0107

Promises for Asynchronous JavaScript

In this guide, we'll delve into the ins and outs of promises, covering their syntax, usage, common patterns, and best practices.

0106

Styling the First Letter

The ::first-letter pseudo-element applies styles to the first letter of a block container.

Styling the First Letter 0105

The Deprecation of Third-Party Cookies

Google has announced its plan to disable third-party cookies by default in Chrome, a step that will reshape the landscape of online tracking and user privacy. This change is part of a broader effort to enhance user privacy and security on the web.

The Deprecation of Third-Party Cookies 0104

Implementing Your Own debounce()

Debounce is a common technique used in web development to improve performance by controlling the rate at which a particular function is invoked.

Implementing Your Own debounce()