Company
Date Published
April 7, 2021
Author
Mia Adjei
Word count
1698
Language
English
Hacker News points
None

Summary

** CORS (Cross-Origin Resource Sharing) is a security protocol in modern browsers that allows or restricts resources from being shared between different origins, depending on which origin initiated the HTTP request. An origin describes where a request is initiated and includes scheme, hostname, and port components. The browser adds an Origin header to all requests it makes, and when a request arrives at the server, if the origin in the request is included in the list of origins that are allowed to retrieve resources from that server, the server will add an Access-Control-Allow-Origin header to its response to let the browser know that the content is accessible to this specific origin. However, by default, browsers block requests from different ports due to CORS restrictions. To fix this and allow data to flow between a server and client, developers can add CORS support to their server using middleware that sets the Access-Control-Allow-Origin header and specifies the domains that are allowed to access resources. This tutorial demonstrates how to configure CORS in an Express + TypeScript API by installing the `cors` package and configuring CORS options, including adding allowed origins and passing these options to the `cors` middleware. By doing so, developers can enable their server to respond with the Access-Control-Allow-Origin header for specific cross-origin requests and allow data to flow between their server and client-side application.