CORS

CORS (Cross-Origin Resource Sharing) is a browser security mechanism that controls which domains can make HTTP requests to a server from a web page. By default, browsers block requests from one origin to a different origin.

API servers explicitly allow cross-origin requests by including CORS headers. The Access-Control-Allow-Origin header specifies which origins can make requests - either a specific domain or * for any domain.

CORS restrictions only apply in browser environments, not in server-side code. If you encounter CORS errors building a frontend app, the solution is typically to proxy API calls through your own server, or confirm with the API provider that your domain is allowlisted.