CORS (Cross-Origin Resource Sharing) is a browser security mechanism that controls whether a web page may make requests to a different origin (a different domain, port or scheme). When your frontend (localhost:3000) calls your API (api.example.com), the browser blocks it unless the API explicitly allows it with CORS headers. Fix: add the Access-Control-Allow-Origin header to your API responses. Common mistake: using * in production. Specify your exact frontend domain instead.
CORS Explained
CORS controls which websites can make API requests to your server.
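The fix described above, as an added example that is not code from the original page: the API echoes Access-Control-Allow-Origin only for origins on an exact allowlist instead of sending *. The names ALLOWED_ORIGINS, corsHeaders and handle, and the origin https://app.example.com, are assumptions made for illustration.

```javascript
// Exact-origin allowlist instead of "Access-Control-Allow-Origin: *".
// ALLOWED_ORIGINS, corsHeaders and handle are hypothetical names.
const ALLOWED_ORIGINS = new Set([
  "http://localhost:3000",   // local frontend from the text above
  "https://app.example.com", // constructed production frontend origin
]);

// Build the CORS response headers for one request's Origin header.
function corsHeaders(requestOrigin) {
  // Vary: Origin stops shared caches from replaying a response that was
  // generated for one origin to a page from another origin.
  const headers = { "Vary": "Origin" };
  // Exact match on the whole origin (scheme + host + port).
  // No substring, suffix or regex matching.
  if (requestOrigin && ALLOWED_ORIGINS.has(requestOrigin)) {
    headers["Access-Control-Allow-Origin"] = requestOrigin;
  }
  return headers;
}

// Framework-free handler: takes the method and lower-cased request headers,
// returns the response to send. Covers preflight (OPTIONS) and normal requests.
function handle(method, requestHeaders) {
  const headers = corsHeaders(requestHeaders["origin"]);
  const allowed = "Access-Control-Allow-Origin" in headers;
  if (method === "OPTIONS" && requestHeaders["access-control-request-method"]) {
    if (allowed) {
      headers["Access-Control-Allow-Methods"] = "GET, POST";
      headers["Access-Control-Allow-Headers"] = "Content-Type";
      headers["Access-Control-Max-Age"] = "600";
    }
    return { status: 204, headers, body: "" };
  }
  // An unlisted origin still gets a response, just without the CORS header,
  // so the browser refuses to hand the body to the calling page.
  // CORS is enforced by browsers only; it does not replace authentication.
  headers["Content-Type"] = "application/json";
  return { status: 200, headers, body: JSON.stringify({ ok: true }) };
}
```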