What is CORS?

CORS - Cross Origin Resource Sharing allows us to relax the security applied to an API. By default the Single Origin Policy applies and a website can only make calls to its own origin. In the case though where you have a sub domain or even some third party sites that need access to you API CORS allows us to provide this to just those specific sites without having to open up the API to all origins. In this tutorial video we look at some example APIs on the web today and how they handle CORS.

https://swapi.co/
https://api.chucknorris.io/

CORS will add the the response header [access-control-allow-origins] and specify which origins are to be permitted access. This can include a wildcard, which is how the above 2 sites handle this.

Then create our own sample API and show how to add CORS headers to allow access from other Origins. The example is created in dotnet core within Visual Studio.

It should be noted that CORS and SOP is something applied by web browsers and does not take effect in other applications. So a node console app would be able to access an API even though it is not from the same origin.

P.S Just joined buy me a coffee :-)
https://www.buymeacoffee.com/ashotofcode