The same-origin security policy forbids cross-origin access to resources. But CORS gives web servers the ability to say they want to opt into allowing cross-origin access to their resources.
Indicates whether the response can be shared.
Indicates whether or not the response to the request can be exposed when the credentials flag is true.
Used in response to a preflight request to indicate which HTTP headers can be used when making the actual request.
Specifies the method or methods allowed when accessing the resource in response to a preflight request.
Indicates which headers can be exposed as part of the response by listing their names.
Indicates how long the results of a preflight request can be cached.
Used when issuing a preflight request to let the server know which HTTP headers will be used when the actual request is made.
Used when issuing a preflight request to let the server know which HTTP method will be used when the actual request is made.
Indicates where a fetch originates from.
Specifies origins that are allowed to see values of attributes retrieved via features of the Resource Timing API, which would otherwise be reported as zero due to cross-origin restrictions.
- Cross-Origin Resource Sharing (CORS) on MDN
- Cross-origin resource sharing on Wikipedia
- Fetch specification