CORS 101


CORS (Cross-Origin Resource Sharing) configuration will be a standard feature in many cloud products. Most online applications require embedded links or AJAX calls in their web pages. By default, cross-origin requests are mostly blocked unless you enable CORS. It is one of the biggest headaches if you are deploying a loosely coupled architecture. These are some common things that you need to take note of for CORS.

Using CORS

Common CORS implementations involve REST API calls, embedded iframes, cross-linking of services, or sharing of data such as location, scripts and stylesheets. CORS is necessary because your application will be sharing data such as location. Sometimes there is a need to subscribe to cloud services using a REST API. The majority of modern applications use REST API calls or AJAX. Thus, CORS is one of the most common security issues to encounter during implementation.

Enabling CORS

CORS can be implemented at a few layers. These are the common areas to check if you run into CORS errors. You will need to enable CORS if you are doing these implementations. The areas where you must check and enable CORS are usually the browser and the application. Luckily, many modern browsers are now CORS-friendly.

If you are new to web or cloud development, one of the earliest security lessons will be CORS. Browsers are now attuned to CORS, unlike in the past. Many cloud setups and REST services also include CORS in their configuration. Take care to enable CORS carefully so that your application runs smoothly.
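One way to enable CORS carefully at the application layer, shown as an added example that is not code from the original post. The function name `corsDecision`, the allowlisted origins, methods and headers are constructed sample values, and rejecting unlisted origins with a 403 is a design choice assumed here.

```javascript
// Added example: application-layer CORS decision with an explicit allowlist.
// All origins, methods and headers below are constructed sample values.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://admin.example.com",
]);
const ALLOWED_METHODS = ["GET", "POST"];
const ALLOWED_HEADERS = ["content-type", "authorization"];

// `req` is a plain object { method, headers } with lower-cased header names.
// Returns { status, headers } describing how the server should answer.
function corsDecision(req) {
  const origin = req.headers["origin"];
  // The response differs per Origin, so shared caches must key on it.
  const headers = { Vary: "Origin" };

  // No Origin header: not a cross-origin browser request, add no CORS headers.
  if (origin === undefined) return { status: 200, headers };

  // Exact string match only. Substring or suffix checks would also accept
  // look-alike origins, and the literal origin "null" is never allowlisted.
  if (!ALLOWED_ORIGINS.has(origin)) return { status: 403, headers };

  // Echo the single matched origin; "*" cannot be combined with credentials.
  headers["Access-Control-Allow-Origin"] = origin;
  headers["Access-Control-Allow-Credentials"] = "true";

  const wantedMethod = req.headers["access-control-request-method"];
  const isPreflight = req.method === "OPTIONS" && wantedMethod !== undefined;
  if (!isPreflight) return { status: 200, headers };

  // Preflight: approve only the methods and headers the API really needs.
  const wantedHeaders = (req.headers["access-control-request-headers"] || "")
    .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
  if (!ALLOWED_METHODS.includes(wantedMethod) ||
      !wantedHeaders.every((h) => ALLOWED_HEADERS.includes(h))) {
    return { status: 403, headers };
  }
  headers["Access-Control-Allow-Methods"] = ALLOWED_METHODS.join(", ");
  headers["Access-Control-Allow-Headers"] = ALLOWED_HEADERS.join(", ");
  headers["Access-Control-Max-Age"] = "600"; // cache the preflight for 10 minutes
  return { status: 204, headers };
}
```

When a CORS error appears in the browser console, comparing the request's `Origin` and `Access-Control-Request-*` headers against what this kind of check returns shows which layer rejected it.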

One response

  1. Security Review Checklist – Danny Kwok

    […] CORS must be secured and used with caution. […]
