
cloudstreet-dev/Understanding-CORS

Understanding CORS

Stop Copy-Pasting Headers and Start Understanding Cross-Origin Resource Sharing.

Read the book online at cloudstreet-dev.github.io/Understanding-CORS.

About

This book covers CORS from first principles through production configuration and security. It's structured in five parts:

  1. The Problem CORS Solves — The Same-Origin Policy, why browsers enforce it, and what an "origin" actually is.
  2. How CORS Actually Works — Simple requests, preflights, every header explained, credentials, and caching.
  3. CORS in the Wild — Fetch/XHR, WebSockets, fonts, SPAs, API gateways, and proxies.
  4. Server-Side Configuration — Express, Go, Rust, Python, Nginx, Apache, serverless, and edge functions.
  5. Debugging and Security — Reading error messages, common mistakes, security boundaries, and when * is fine.

Building locally

Install mdBook, then:

mdbook serve --open

Acknowledgments

Thanks to Georgiy Treyvus, CloudStreet Product Manager, for the idea for this book.

License

This work is dedicated to the public domain under CC0 1.0 Universal.

About

A no-nonsense guide to Cross-Origin Resource Sharing — the web security mechanism everyone encounters and nobody fully understands. Covers the Same-Origin Policy, preflight requests, credential handling, and every header you'll ever need. Stop copy-pasting Access-Control-Allow-Origin: * and actually learn what's happening.
