Cross-Origin (CORS)
Also known as: cors, same-origin policy
The browser rule that stops scripts on one site from reading data from another site without permission.
The same-origin policy is the foundation of web security: JavaScript on site A can't read responses from site B unless site B opts in via CORS headers. It's what keeps a random page from silently reading your webmail inbox.
CORS is often blamed for developer friction, but it's the reason the web can be both open and safe. Loosening it (Access-Control-Allow-Origin: *) on an authenticated endpoint is a common cause of data leaks.
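The opt-in described above, as an added example that is not part of the original entry: a simplified model of the browser's CORS check (after the Fetch standard), applied to a wildcard policy and to an allowlist policy. The function names, the allowlist and the origins are constructed for illustration.

```javascript
// Added example. ALLOWED_ORIGINS, weakPolicy, allowlistPolicy and
// browserExposesResponse are hypothetical names; origins are constructed.
const ALLOWED_ORIGINS = new Set(["https://app.example.com"]);

// Weak server policy: every origin is told it may read the response.
function weakPolicy(_origin) {
  return { "Access-Control-Allow-Origin": "*" };
}

// Hardened server policy: opt in only for known origins and send no
// CORS grant otherwise. Vary: Origin keeps shared caches from serving
// one origin's grant to another origin.
function allowlistPolicy(origin) {
  if (!ALLOWED_ORIGINS.has(origin)) return { Vary: "Origin" };
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    Vary: "Origin",
  };
}

// Browser side: may a script running on `origin` read a response that
// carries `headers`? `withCredentials` means cookies were sent.
function browserExposesResponse(origin, headers, withCredentials) {
  const acao = headers["Access-Control-Allow-Origin"];
  if (acao === undefined) return false; // no opt-in: same-origin policy applies
  if (!withCredentials) return acao === "*" || acao === origin;
  // With credentials the wildcard is not accepted; the server must name
  // the origin exactly and also send Access-Control-Allow-Credentials: true.
  return acao === origin &&
    headers["Access-Control-Allow-Credentials"] === "true";
}

// Constructed scenarios: an unknown origin and the allowlisted app.
const other = "https://other.example";
const app = "https://app.example.com";
console.log("wildcard, unknown origin:",
  browserExposesResponse(other, weakPolicy(other), false));
console.log("allowlist, unknown origin:",
  browserExposesResponse(other, allowlistPolicy(other), false));
console.log("allowlist, app with cookies:",
  browserExposesResponse(app, allowlistPolicy(app), true));
```
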
