CORS
// Definition
Cross-Origin Resource Sharing — a browser security mechanism that restricts web pages from making HTTP requests to a domain different from the one that served the page. The browser preflight-checks cross-origin requests by sending an `OPTIONS` request; the server responds with `Access-Control-Allow-Origin` (and related) headers to grant or deny access. For API testers: misconfigured CORS is a common security vulnerability, and missing CORS headers cause silent failures in browser-based test environments.
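The preflight exchange described above, as an added example that is not part of the original glossary: a helper an API test could run over the headers of an `OPTIONS` response to get both the browser's allow/deny verdict and any configuration weaknesses. `TRUSTED_ORIGINS`, the finding names and the function names are assumptions made for illustration, and the method check is simplified to the origin, credentials and method rules only.

```javascript
// Added example, not from the original page. TRUSTED_ORIGINS and every sample
// value used with it are constructed for illustration.
const TRUSTED_ORIGINS = new Set(["https://app.example.com"]);
// Methods a browser accepts without them being listed in Access-Control-Allow-Methods.
const SAFELISTED_METHODS = new Set(["GET", "HEAD", "POST"]);

// HTTP header names are case-insensitive, so index them in lower case.
function normalise(headers) {
  const out = {};
  for (const [k, v] of Object.entries(headers)) out[k.toLowerCase()] = String(v).trim();
  return out;
}

function splitList(value) {
  return (value || "").split(",").map((s) => s.trim().toUpperCase()).filter(Boolean);
}

// req: { origin, method, withCredentials }; responseHeaders: headers of the OPTIONS reply.
// Returns { allowed, findings }: the browser's verdict plus configuration weaknesses.
function auditPreflight(req, responseHeaders) {
  const h = normalise(responseHeaders);
  const acao = h["access-control-allow-origin"];
  const acac = h["access-control-allow-credentials"] === "true";
  const methods = splitList(h["access-control-allow-methods"]);
  const findings = [];

  if (acao === undefined) {
    // No grant at all: the browser blocks the call and script sees only a network error.
    return { allowed: false, findings: ["missing-allow-origin"] };
  }
  if (acao === "*" && acac) findings.push("wildcard-with-credentials");
  if (acao === "null") findings.push("null-origin-allowed");
  if (acao === req.origin && !TRUSTED_ORIGINS.has(req.origin)) {
    findings.push(acac ? "untrusted-origin-echoed-with-credentials" : "untrusted-origin-echoed");
  }

  // Browser-side decision. A wildcard never satisfies a credentialed request.
  const originOk = acao === req.origin || (acao === "*" && !req.withCredentials);
  const credsOk = !req.withCredentials || acac;
  const method = req.method.toUpperCase();
  const methodOk = SAFELISTED_METHODS.has(method) || methods.includes(method) ||
    (methods.includes("*") && !req.withCredentials);
  return { allowed: originOk && credsOk && methodOk, findings };
}
```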
// Related terms
REST
Representational State Transfer — an architectural style for HTTP APIs where resources are addressed by URLs and manipulated via standard HTTP verbs (GET, POST, PUT, DELETE). The dominant API style for over a decade.
Endpoint
A specific URL exposed by an API that accepts requests and returns responses. Defined by its path, HTTP method, and contract.
Status Code
A three-digit HTTP response code indicating outcome — 2xx success, 3xx redirect, 4xx client error, 5xx server error. The first signal an API test asserts on.