CORS
CORS, or Cross-Origin Resource Sharing, is a browser security mechanism that restricts web pages from making HTTP requests to a different origin (scheme, domain and port) than the one that served the page, unless the target server explicitly permits it through specific HTTP headers.
Understanding CORS
CORS exists to protect users from malicious websites that might try to access their data on other services. When a browser detects that a web page is trying to make a request to a different domain, it first checks whether that domain allows the request by looking at CORS headers in the response. If the headers are missing or do not permit the requesting domain, the browser blocks the request.
CORS errors are one of the most frequent issues in vibecoded applications. During development, the frontend and backend often run on the same machine, so CORS is not an issue. When the application is deployed, the frontend and backend may be on different domains, and the AI-generated backend code may not include proper CORS configuration. The result is an app that works perfectly in development but fails completely in production.
From a testing perspective, CORS issues are immediately apparent because features that depend on API calls simply stop working. A QA tester using the deployed version of the application will quickly discover that buttons do nothing, data does not load, or forms fail to submit. These are clear signals of CORS misconfiguration that can be reported and fixed before users encounter them.
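The deployment failure described above, as an added example that is not code from the original page: a backend origin allowlist that lists only the development origin, next to the corrected one, with a simplified model of the browser's header check. The origins, port and function names are assumptions made for illustration.

```javascript
// Constructed origins (assumptions): local dev frontend and deployed frontend.
const DEV = "http://localhost:5173";
const PROD = "https://app.example.com";
const DEV_ONLY = new Set([DEV]);            // the misconfiguration: dev origin only
const DEV_AND_PROD = new Set([DEV, PROD]);  // corrected allowlist

// Server side: choose the CORS response headers for a request's Origin header.
function corsHeaders(origin, allowlist) {
  const headers = { Vary: "Origin" }; // response differs per origin, so caches must key on it
  if (origin && allowlist.has(origin)) {
    // Exact match against the allowlist; never echo an unchecked Origin back.
    headers["Access-Control-Allow-Origin"] = origin;
    headers["Access-Control-Allow-Methods"] = "GET, POST, PUT, DELETE";
    headers["Access-Control-Allow-Headers"] = "Content-Type, Authorization";
  }
  return headers;
}

// Browser side, simplified (ignores credentials and per-method checks):
// may a page at pageOrigin read a response carrying these headers?
function browserAllows(pageOrigin, responseHeaders) {
  const allowed = responseHeaders["Access-Control-Allow-Origin"];
  return allowed === "*" || allowed === pageOrigin;
}

// Handler in the (req, res) shape used by Node's http.createServer.
function makeHandler(allowlist) {
  return (req, res) => {
    const headers = corsHeaders(req.headers.origin, allowlist);
    if (req.method === "OPTIONS") { // preflight: answer with headers only
      res.writeHead(204, headers);
      return res.end();
    }
    res.writeHead(200, { ...headers, "Content-Type": "application/json" });
    return res.end(JSON.stringify({ ok: true }));
  };
}

// Same page origin, two server configurations.
function demo() {
  return {
    devOnly: browserAllows(PROD, corsHeaders(PROD, DEV_ONLY)),        // false: blocked
    devAndProd: browserAllows(PROD, corsHeaders(PROD, DEV_AND_PROD)), // true: allowed
  };
}
console.log(demo());
```

To serve it, pass makeHandler(DEV_AND_PROD) to Node's http.createServer and keep the allowlist in deployment configuration so the production origin is not forgotten.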
Example usage
“Everything worked on localhost, but after deploying, the entire app was broken. The browser console was full of CORS errors because the API did not allow requests from the production domain.”
Related terms
API
An API, or Application Programming Interface, is a set of defined rules and protocols that allows different software applications to communicate with each other, enabling them to request and exchange data or trigger actions.
Security Vulnerability
A security vulnerability is a weakness or flaw in a software application that could be exploited by an attacker to gain unauthorized access, steal data, disrupt service, or perform other malicious actions.
REST API
A REST API is a web service interface that follows the Representational State Transfer architectural style, using standard HTTP methods like GET, POST, PUT, and DELETE to allow client applications to interact with server resources.