1 views collected around this technical thread.
This article explains the browser's same‑origin policy, its role in preventing XSS, CSRF and other attacks, details the protocol, host and port rules, illustrates with examples, and then describes CORS, simple and preflight requests, credential handling, and provides a complete request flow diagram.
This article explains the concepts of cross‑origin and same‑origin policies, and demonstrates multiple solutions—including JSONP, CORS headers, proxy servers, Nginx configuration, WebSocket communication, postMessage, and document.domain—providing both front‑end and back‑end code examples for each method.
This article explains the fundamentals of the browser same‑origin policy, details how CORS and preflight requests work, and discusses related security considerations, while also promoting a ChatGPT community and related services for developers.
This article explains the fundamentals of the same‑origin policy, the security risks it mitigates, and how CORS and preflight requests work in browsers, illustrating the concepts with diagrams, header details, and a complete request flow chart.
This article explains the fundamentals of the same‑origin policy, its impact on DOM, web data and network requests, and provides a detailed overview of CORS, simple requests, preflight requests, and the necessary response headers to securely enable cross‑origin communication in modern browsers.
This article explains the fundamentals of the Same‑Origin Policy, its security implications, and how Cross‑Origin Resource Sharing (CORS) works—including simple requests, preflight requests, and handling credentials—to help developers safely perform cross‑domain HTTP operations in browsers.
This article explains the same‑origin policy, its security implications for DOM, web data and network communication, and how Cross‑Origin Resource Sharing (CORS) with simple and preflight requests enables controlled cross‑domain interactions while protecting users from attacks such as XSS, CSRF, and others.
This article explains the fundamentals of the browser same‑origin policy, defines what constitutes an origin, describes the restrictions it imposes, and surveys practical cross‑origin solutions such as dynamic tags, JSONP, CORS, postMessage, document.domain, window.name, fetch, and WebSocket.