CORS
CORS controls which websites can call your API from a browser. It’s enforced by browsers, not servers, and needs careful configuration.
CORS (Cross-Origin Resource Sharing) controls which origins (domains) a browser allows to call your API.
- Browsers enforce it
- Avoid `*` with credentials
- Configure per environment and endpoint
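The points above as an added example, not code from the original page: a per-environment, per-endpoint allowlist that refuses to load a rule pairing `*` with credentials and echoes only exact-match origins. The environment names, paths and origins are constructed placeholders, and `POLICY`, `validatePolicy` and `corsHeaders` are hypothetical names.

```javascript
// Constructed policy table: environment -> path prefix -> rule (all values are placeholders).
const POLICY = {
  production: {
    "/api/account": { origins: ["https://app.example.com"], credentials: true },
    "/api/public": { origins: ["*"], credentials: false },
  },
  development: {
    "/api/account": { origins: ["http://localhost:3000"], credentials: true },
    "/api/public": { origins: ["*"], credentials: false },
  },
};

// Fail at load time if any rule combines "*" with credentials.
function validatePolicy(policy) {
  for (const [env, routes] of Object.entries(policy)) {
    for (const [prefix, rule] of Object.entries(routes)) {
      if (rule.credentials && rule.origins.includes("*")) {
        throw new Error(`${env} ${prefix}: "*" cannot be combined with credentials`);
      }
    }
  }
  return true;
}

// Build the CORS response headers for one request; {} means "send no CORS headers".
// The server only emits headers here: the browser decides whether the page may read the response.
function corsHeaders(env, path, origin, policy = POLICY) {
  const routes = policy[env] || {};
  // Longest matching prefix wins; "/api/account" must not match "/api/accounting".
  const prefix = Object.keys(routes)
    .filter((p) => path === p || path.startsWith(p + "/"))
    .sort((a, b) => b.length - a.length)[0];
  if (!prefix || !origin) return {};
  const rule = routes[prefix];
  if (!rule.credentials && rule.origins.includes("*")) {
    return { "Access-Control-Allow-Origin": "*" };
  }
  // Exact string match only: no substring, suffix or regex matching on the Origin header.
  if (!rule.origins.includes(origin)) return {};
  const headers = { "Access-Control-Allow-Origin": origin, "Vary": "Origin" };
  if (rule.credentials) headers["Access-Control-Allow-Credentials"] = "true";
  return headers;
}

validatePolicy(POLICY);
```
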