What is CORS? | Cross-Origin Resource Sharing

No video

What is CORS? | Cross-Origin Resource Sharing | CORS Explained!

Рет қаралды 62,461

Күн бұрын

#web_security #cors #sop #csrf
Understanding Cross-Origin Resource Sharing is essential if you’re a web developer or want to understand the browser security model. Cross-origin Resource Sharing is a way to relax the SOP, Same Origin Policy, the security mechanism whereby browsers prevent Cross-Site Request Forgery, or CSRF.
In this video, what is CORS, and Why we need it?. You’ll understand how we can bypass the Same Origin Policy with CORS and how HTTP headers are used to customize CORS implementation.
-------- Video Outline --------
00:09 Browser functionalities and security model
01:07 CSRF attack -- Cross-Site Request Forgery
01:41 Same Origin Policy
02:13 What is an Origin
03:05 CSRF and SOP
04:03 Relaxing SOP
04:41 Introducing CORS
05:17 CORS implementation -- HTTP Headers
06:45 Preflight Request
07:19 CORS in Web Browsers vs CLI client
Resources to know more:
* developer.mozi...
* owasp.org/www-...
Check out more of The TechCave Videos:
* • What is a VPN & How do... - What is a VPN and How does it work? VPNs Explained!
* • What is a Proxy Server... - What is a Proxy Server & How Does it work?
* • The Http and the Web |... - HTTP and The Web
* • APIs | REST | REST API... - REST APIs
* • What is DevOps | Under... - DevOps
* • Web Services - Demysti... - Web Services
* • Software Architecture ... - Software Architecture
Artwork and Illustration: Flaticon.com
Stay Tuned!

Пікірлер: 43

@tarmeez Жыл бұрын

CORS is one of my biggest challenges when I teach programming to the beginners and why is this happening and what we can do to bypass it, great video, thank you so much 👌🏻

@andrewfielden284 2 жыл бұрын

What a great explanation. You've just demystified why my API call was a) sending two HTTP requests and b) why my JWT header item was being removed in the second one. Thank you!!

@Carlesgl81 Жыл бұрын

i´ve been more than an hour trying to understand this concept with other videos, blogs. This video was my solution! Thanks!

@ppena120 Жыл бұрын

I've been dealing with this issue for 2 days now and didn't really understand it until now. Thank you!

@DaveO0808 2 жыл бұрын

understanding CORS in 5 min is possible! well done thank you

@bastienfontaine8539 8 ай бұрын

Thank you for this video ! I finally understood what's behind the concept of CORS 🔥

@arsenshlianin3064 10 ай бұрын

дякую за зрозуміле пояснення

@GB-mi5he Жыл бұрын

What a GREAT video on this topic. Bravo!

@emmanuelobileye5643 Жыл бұрын

This was clearly explained. Thank you

@khumbokaunda7402 Жыл бұрын

Thank you very much for this wonderful explanation

@deanwhite8413 Жыл бұрын

Fantastic explanation. Thanks!

@aymaneelmadidi887 3 жыл бұрын

Awesome video thanks for uploading.

@TheTechCave 3 жыл бұрын

Thank you for your kind words!

@luanecarolineaquinocavalca1064 Жыл бұрын

thank you so much, great explanation 👏🏽👏🏽👏🏽

@dyanzhao4927 2 жыл бұрын

This nice video make me understand the relationship between CORS and SOP.

@AliA-kp2ux Жыл бұрын

Great video! Thanks very much 🙂

@jaelee1368 2 жыл бұрын

Nice video on CORS, it's clear that you put a lot of effort into creating a high quality presentation.

@benmichel1201 2 жыл бұрын

Great walkthrough! Thanks for making this. 🙏

@TeverRus 2 жыл бұрын

The video is great, mate!

@anasssoulimani9288 3 жыл бұрын

Great work! Awesome content as always❤

@ivan-the-l Жыл бұрын

Very nicely explained. Clear and on point 🔥

@20rand 2 жыл бұрын

Thanks for the video, very helpful!

@lastidea4925 Жыл бұрын

Excellent explanation, thank you Sir ♥

@luisrosal1499 Жыл бұрын

great explanation, good job!

@andersonrafaelcunha1392 2 жыл бұрын

Great video, very easy to understand with those examples.

@ACLAproductions 2 жыл бұрын

This was an amazing explanation! Thank you :)

@RandallReedJr 3 жыл бұрын

This is a really helpful explanation, thanks!

@itstinmoreno 2 жыл бұрын

Great video! Thanks for this! :)

@pliegosevilla 2 жыл бұрын

Nice! Thanks

@divanvanzyl7545 3 жыл бұрын

Great explanation. Thank you

@Toojool 2 жыл бұрын

great explanation

@user-ti9yn8wg6o Жыл бұрын

So the browser is the one enforces CORS, and the resource server is the one that can be setup to relax the restriction.

@anaselkassimi7091 3 жыл бұрын

thank you so much

@TheTechCave 3 жыл бұрын

You're welcome!

@erfelipe 3 жыл бұрын

Thanks!

@jenks2897 2 жыл бұрын

What if I don't what to access or change any data just want to click a button on website A which then clicks or simulate a click on website B and execute a function, does this falls under CORS ? If not any suggestion on how this can be done?

@revenant-six Жыл бұрын

It just feels like the browser developers want every api developer to feel the pain of the browser dev being accused by some random user of the user's stolen information from a random website. (In which case the browser developer, of course, is not to blame, it's just that users are so stupid.)