CORS -May 04

CORS is a mechanism that enables requests to be made from a browser running on a different origin to a server on another origin. To enable CORS, you must set the server origin to accepts requests from all domains or specific domains. Request headers are also used to send additional information to the server origin for instance content type. Who enforces CORS.

They are enforced by the browser to avoid getting responses from websites that do not share the same origin. This is through the same-origin policy that can be explained by a website can't read the result “in javascript” from a request made to another website.

In simple terms, It is forbidden to make a request from any origin other than the one running the current code.

Development tools such as POSTMAN and CURL don’t care about CORS and same-origin policy, so there is no check to see if the request is coming from the same resource, the user has full control when interacting with the site.

CORS can be disabled on the browser by running some commands in the terminal. These commands vary based on the user’s operating system