
What is CORS and why does the browser use it?

CORS (Cross-Origin Resource Sharing) is a browser security mechanism that controls whether a web page on one origin (scheme + host + port) is allowed to read HTTP responses from another origin. Without it, you could not safely surf the open web: malicious sites could use your session cookies to call APIs on your behalf. Servers opt in by sending CORS response headers, and the browser enforces the rules for JavaScript code.

// Browser JS on https://app.example can request https://api.example only if
// the API response includes the right CORS headers for that browser origin.

Start simple: try this concept in a tiny project before moving to advanced tools.

cors, security, http
