CORS and Single Origin Policy

Alex Moline
2 min readNov 6, 2020


On the internet, it is common to see websites or clients as they can be referred to use information or media from an unrelated website. The way this is done is through CORS, which is a way for clients to share resources with other clients. CORS is an effective way to add outside media and information to a website and comes with a host of benefits for not only you but everyone who access the world wide web.

CORS stands for cross-origin resource sharing and is header based, which essentially means that it lets a server and client share data through the use of HTTP requests and responses. The header is where the domain is located and is notably the first instance in the search bar.

Through cross-origin resource sharing, a client can access restricted resources that are located in other domains. This means that if client A has a photo that client B wants to use, client B can access that particular resource through CORS. An excellent way to grasp this concept is to think of how youtube videos can be embedded into a website without being on Although this may not necessarily be the same thing, it does a good job getting the reference across.

This is an example of CORS!

With CORS, there are built-in protections to help users navigate the internet. One of these ways is that AJAX requests are by default forbidden from accessing cross-origin resources, AJAX requests can present a number of safety issues in regards to something attaining data that isn’t consented to be given out.

Another safety mechanism that is put in place is the Same Origin Policy. The Same Origin Policy is an essential tool in security devolvement and basically means that browsers only allow scripts to access data from a secondary web page only if both pages share the same origin. This is effective in helping in deflecting attacks like cross-site scripting which would pose a big security risk for a programmer as somebody could gain access to private and sensitive data.

  • Note: attacks don’t apply to HTML tags.

In conclusion, the concept of CORS and Same Origin Policy serve to help protect users, and although it can be a pain for some, it’s important to remember that it is never an error merely a precaution!