CORS (Cross-Origin Resource Sharing)
CORS is a browser security mechanism that controls whether a web page on one origin may call an API on a different origin, using HTTP headers to grant access.
By default, browsers block cross-origin requests for security. CORS lets a server opt in by returning headers like Access-Control-Allow-Origin that tell the browser which origins, methods, and headers are permitted.
When your frontend and API live on different domains, the API must send the right CORS headers or browser requests will fail. Note that CORS is a browser protection — it does not secure the API itself.
Actual access control still belongs to authentication and database policies like row-level security; CORS only governs which web origins the browser will let make the call.
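The split between CORS headers and real access control, as an added example that is not code from this page or from any product it mentions. The allowlisted origin, the token check, and the function names are constructed assumptions.

```javascript
// Constructed policy values for illustration only.
const ALLOWED_ORIGINS = new Set(["https://app.example.com"]);
const ALLOWED_METHODS = ["GET", "POST", "DELETE"];
const ALLOWED_HEADERS = ["authorization", "content-type"];

// Returns the CORS response headers for a request, or {} when nothing is granted.
function corsHeaders(req) {
  const origin = req.headers["origin"];
  // No Origin header (non-browser client) or an unlisted origin: grant nothing.
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return {};
  const headers = {
    "Access-Control-Allow-Origin": origin, // echo only an exact allowlist match
    "Vary": "Origin", // caches must not reuse this response for another origin
  };
  const wantMethod = req.headers["access-control-request-method"];
  if (req.method === "OPTIONS" && wantMethod) {
    // Preflight: the browser asks which method and headers it may send.
    const wantHeaders = (req.headers["access-control-request-headers"] || "")
      .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
    const methodOk = ALLOWED_METHODS.includes(wantMethod);
    const headersOk = wantHeaders.every((h) => ALLOWED_HEADERS.includes(h));
    if (!methodOk || !headersOk) return {};
    headers["Access-Control-Allow-Methods"] = ALLOWED_METHODS.join(", ");
    headers["Access-Control-Allow-Headers"] = ALLOWED_HEADERS.join(", ");
  }
  return headers;
}

// CORS and authorization are decided independently of each other.
function handle(req) {
  const cors = corsHeaders(req);
  if (req.method === "OPTIONS") return { status: 204, headers: cors };
  // Stand-in for real token verification (hypothetical constant).
  const authorized = req.headers["authorization"] === "Bearer demo-token";
  return { status: authorized ? 200 : 401, headers: cors };
}

// Constructed requests: an unlisted origin with a valid token still gets 200
// from the server; only the browser withholds the response from that page.
const fromUnlisted = handle({ method: "GET",
  headers: { origin: "https://other.example.net", authorization: "Bearer demo-token" } });
// A listed origin without a token gets CORS headers but is still rejected.
const noToken = handle({ method: "GET",
  headers: { origin: "https://app.example.com" } });
console.log(fromUnlisted.status, noToken.status);
```
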