How to Bypass CORS on HTTP requests

A way to whitelist HTTP requests to your web server from certain origins

Colton
The Crazy Coder


Background

By default, web browsers do not allow a web page to make AJAX requests to a web server other than the one the page was loaded from. This security policy is called the Same-Origin Policy (SOP).

SOP restricts a web page to accessing data that sits on the same origin. Without this rule, any web page could access the DOM of any other page, which would let it read sensitive data from those pages and perform actions without the user’s consent.

Let us say you were somehow tricked into visiting a bad website, “www.your-bank-bad-site.com”, which contains an iframe that loads the real “www.your-bank.com” website, and you proceeded to log in with your bank credentials inside that iframe. In a world without SOP, the bad site could read the “bank_balance” node of the iframe’s DOM and get its value. This could even be extended to forging browser calls that send your money elsewhere.

What is CORS?

CORS stands for “Cross-Origin Resource Sharing”. It is an HTTP-header-based mechanism that allows a web server to indicate which origins other than its own a browser should permit to load…
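The whitelisting the article title refers to is done with exactly these headers. The following is an added example, not code from the original article: a small Node-style allow-list that only emits CORS headers for origins on the list. The origin names and the handler are constructed for illustration.

```javascript
// Added example (not from the original article): a server-side CORS allow-list.
// Only the origins listed here receive an Access-Control-Allow-Origin header;
// every other origin gets no CORS headers, so the browser's Same-Origin Policy
// keeps its scripts from reading the response. Sample origins are constructed.
const ALLOWED_ORIGINS = new Set([
  "https://www.your-bank.com",
  "https://app.your-bank.com",
]);

// Decide which CORS headers to attach to a response, given the request's
// Origin header (undefined for same-origin or non-browser requests).
// Returns an object of headers, or null when the origin is not on the list.
function corsHeadersFor(origin, allowed = ALLOWED_ORIGINS) {
  if (typeof origin !== "string") return null;  // no Origin header at all
  // Compare the exact origin string (scheme, host and port). A prefix or
  // substring match would also accept "https://www.your-bank.com.evil.example".
  if (!allowed.has(origin)) return null;
  return {
    // Echo the specific allowed origin rather than "*": the wildcard cannot be
    // combined with Access-Control-Allow-Credentials, and reflecting any
    // unchecked Origin value would defeat the whitelist entirely.
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    "Access-Control-Allow-Methods": "GET, POST, OPTIONS",
    "Access-Control-Allow-Headers": "Content-Type, Authorization",
    // Responses differ per Origin, so tell caches not to reuse one built for
    // a different origin.
    "Vary": "Origin",
  };
}

// Hypothetical Node http request handler that applies the allow-list and
// answers preflight (OPTIONS) requests before reaching the real endpoint.
// Usage: http.createServer(handleRequest).listen(8080)
function handleRequest(req, res) {
  const cors = corsHeadersFor(req.headers.origin);
  if (cors) for (const [k, v] of Object.entries(cors)) res.setHeader(k, v);
  if (req.method === "OPTIONS") { res.statusCode = 204; return res.end(); }
  res.setHeader("Content-Type", "application/json");
  res.end(JSON.stringify({ bank_balance: "redacted" }));
}
```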


A software engineer who is always highly passionate about new technologies and has a strong willingness to share what I have learned.