Skip to content

Bits of .NET

Daily micro-tips for C#, SQL, performance, and scalable backend engineering.

  • Asp.Net Core
  • C#
  • SQL
  • JavaScript
  • CSS
  • About
  • ErcanOPAK.com
  • No Access
  • Privacy Policy
Ajax

Ajax: Understand CORS for Cross-Origin Requests

- 07.07.26 - ErcanOPAK

🌐 CORS = Cross-Origin Security

Browsers block cross-origin requests. CORS enables secure cross-origin communication. Essential for APIs and frontend apps.

📝 CORS Headers

# Server Headers
Access-Control-Allow-Origin: https://myapp.com
Access-Control-Allow-Methods: GET, POST, PUT, DELETE
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 3600

# Preflight Request
OPTIONS /api/data
Origin: https://myapp.com
Access-Control-Request-Method: POST
Access-Control-Request-Headers: Content-Type

# Simple Request
GET /api/data
Origin: https://myapp.com

🎯 CORS Solutions

# 1. Enable CORS on Server (Node.js/Express)
const cors = require('cors');
app.use(cors({
    origin: 'https://myapp.com',
    methods: ['GET', 'POST', 'PUT', 'DELETE'],
    allowedHeaders: ['Content-Type', 'Authorization'],
    credentials: true
}));

# 2. Enable CORS on Server (.NET Core)
app.UseCors(policy => 
    policy.WithOrigins("https://myapp.com")
          .AllowAnyMethod()
          .AllowAnyHeader()
          .AllowCredentials()
);

# 3. Enable CORS on Server (Python/Flask)
from flask_cors import CORS
CORS(app, origins=['https://myapp.com'])

# 4. Proxy (Development)
# package.json
{
    "proxy": "http://localhost:5000"
}

# 5. Configure CORS in Reverse Proxy (nginx)
location /api {
    add_header 'Access-Control-Allow-Origin' 'https://myapp.com';
    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
    add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization';
}

# 6. CORS with Credentials (Frontend)
fetch('https://api.example.com/data', {
    credentials: 'include'
});

💡 CORS Best Practices

  • Don’t use ‘*’ in production
  • Use specific origins only
  • Use credentials flag carefully
  • Cache preflight responses
  • Use environment-specific origins

“CORS enables secure cross-origin requests. Essential for modern web APIs.”

— API Developer

Related posts:

Ajax: Add Query Parameters to API Requests

Ajax: Use Compression Streams to Send Large Data Efficiently

AJAX: Use Cache API to Serve Assets Offline Like Native App

Post Views: 1

Post navigation

JavaScript: Understand Closures for Scope and Privacy
Git: Use Submodules for External Repositories

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

July 2026
M T W T F S S
 12345
6789101112
13141516171819
20212223242526
2728293031  
« Jun    

Most Viewed Posts

  • Get the User Name and Domain Name from an Email Address in SQL (960)
  • How to add default value for Entity Framework migrations for DateTime and Bool (898)
  • How to make theater mode the default for Youtube (857)
  • Get the First and Last Word from a String or Sentence in SQL (840)
  • How to select distinct rows in a datatable in C# (814)
  • How to enable, disable and check if Service Broker is enabled on a database in SQL Server (597)
  • Add Constraint to SQL Table to ensure email contains @ (582)
  • Average of all values in a column that are not zero in SQL (545)
  • How to use Map Mode for Vertical Scroll Mode in Visual Studio (512)
  • Find numbers with more than two decimal places in SQL (460)

Recent Posts

  • C#: Use Using Statements for Resource Management
  • C#: Use Lambda Expressions for Concise Code
  • SQL: Use GROUP BY for Data Aggregation
  • .NET Core: Master Routing for Clean URLs
  • Git: Use Reset to Undo Local Changes
  • Ajax: Use Axios for HTTP Requests
  • JavaScript: Understand Hoisting
  • HTML: Use Web Storage for Client-Side Data
  • CSS: Use Filter Effects for Visual Magic
  • Windows 11: Unlock God Mode for All Settings

Most Viewed Posts

  • Get the User Name and Domain Name from an Email Address in SQL (960)
  • How to add default value for Entity Framework migrations for DateTime and Bool (898)
  • How to make theater mode the default for Youtube (857)
  • Get the First and Last Word from a String or Sentence in SQL (840)
  • How to select distinct rows in a datatable in C# (814)

Recent Posts

  • C#: Use Using Statements for Resource Management
  • C#: Use Lambda Expressions for Concise Code
  • SQL: Use GROUP BY for Data Aggregation
  • .NET Core: Master Routing for Clean URLs
  • Git: Use Reset to Undo Local Changes

Social

  • ErcanOPAK.com
  • GoodReads
  • LetterBoxD
  • Linkedin
  • The Blog
  • Twitter
© 2026 Bits of .NET | Built with Xblog Plus free WordPress theme by wpthemespace.com