Cross-Origin Resource Sharing (CORS)

Status: public · Confidence: medium (0.725) · Basis: verified_sources

## TL;DR
CORS is the browser protocol that lets servers opt in to sharing selected cross-origin responses with frontend JavaScript. It exists because the same-origin policy restricts scripts from freely reading resources across origins.

## Core Explanation
A server participates in CORS by returning response headers such as `Access-Control-Allow-Origin`. Some requests require a preflight `OPTIONS` request so the browser can check whether the actual request is allowed before sending it.

## Detailed Analysis
CORS is enforced by browsers, not by every HTTP client. Credentialed requests have stricter rules and should be configured carefully. A public CORS header can be appropriate for public APIs, but it should not be used as an authentication or authorization mechanism.
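
The points above as an added example, not part of the original page: a server-side header builder with an exact-match origin allowlist and preflight handling, plus a handler that keeps authorization separate from CORS. The origins, function names, request shape (`{ method, headers }` with lowercased header names) and the max-age value are assumptions made for illustration.

```javascript
// Added example. Origins, names and limits below are constructed for illustration.
const ALLOWED_ORIGINS = new Set(["https://app.example.com", "https://admin.example.com"]);
const ALLOWED_METHODS = ["GET", "POST", "PUT"];
const ALLOWED_HEADERS = ["content-type", "authorization"];
const deny = () => ({ "Vary": "Origin" }); // no Allow-Origin: the browser blocks the read

// Build CORS response headers for req = { method, headers } (header names lowercased).
function corsHeaders(req, { credentials = false } = {}) {
  const origin = req.headers["origin"];
  // Exact-match allowlist: no substring or suffix tests, no blind reflection, no "null".
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return deny();

  const headers = {
    "Access-Control-Allow-Origin": origin, // "*" is not accepted for credentialed requests
    "Vary": "Origin",                      // caches must key on Origin
  };
  if (credentials) headers["Access-Control-Allow-Credentials"] = "true";

  // A preflight is an OPTIONS request carrying Access-Control-Request-Method.
  const wantMethod = req.headers["access-control-request-method"];
  if (req.method === "OPTIONS" && wantMethod) {
    const wantHeaders = (req.headers["access-control-request-headers"] || "")
      .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
    const ok = ALLOWED_METHODS.includes(wantMethod) &&
      wantHeaders.every((h) => ALLOWED_HEADERS.includes(h));
    if (!ok) return deny();
    headers["Access-Control-Allow-Methods"] = ALLOWED_METHODS.join(", ");
    headers["Access-Control-Allow-Headers"] = ALLOWED_HEADERS.join(", ");
    headers["Access-Control-Max-Age"] = "600";
  }
  return headers;
}

// CORS is not access control: a non-browser client can omit or forge Origin,
// so authorization is decided independently of the CORS headers.
function handle(req, isAuthorized) {
  const headers = corsHeaders(req, { credentials: true });
  if (req.method === "OPTIONS") return { status: 204, headers }; // preflights carry no credentials
  if (!isAuthorized(req)) return { status: 401, headers };
  return { status: 200, headers, body: "account data" };
}
```

A request with no `Origin` header still reaches `handle`, which is why the 401 comes from `isAuthorized` and not from the CORS check.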

## Further Reading
- Fetch Standard CORS protocol
- MDN CORS guide
- MDN same-origin policy
