# CORS (Cross-Origin Resource Sharing) { #cors-cross-origin-resource-sharing }

[CORS veya "Cross-Origin Resource Sharing"](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS), tarayıcıda çalışan bir frontend’in JavaScript kodunun bir backend ile iletişim kurduğu ve backend’in frontend’den farklı bir "origin"de olduğu durumları ifade eder.

## Origin { #origin }

# CORS (Cross-Origin Resource Sharing) { #cors-cross-origin-resource-sharing }

[CORS или "Cross-Origin Resource Sharing"](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) относится к ситуациям, при которых запущенный в браузере фронтенд содержит JavaScript-код, который взаимодействует с бэкендом, находящимся на другом "источнике" ("origin").

## Источник { #origin }

# CORS (교차-출처 리소스 공유) { #cors-cross-origin-resource-sharing }

[CORS 또는 "Cross-Origin Resource Sharing"](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS)란, 브라우저에서 실행되는 프론트엔드에 백엔드와 통신하는 JavaScript 코드가 있고, 백엔드가 프론트엔드와 다른 "출처(origin)"에 있는 상황을 의미합니다.

## 출처 { #origin }

출처란 프로토콜(`http`, `https`), 도메인(`myapp.com`, `localhost`, `localhost.tiangolo.com`), 그리고 포트(`80`, `443`, `8080`)의 조합을 의미합니다.

따라서, 아래는 모두 상이한 출처입니다:

* `http://localhost`

api.dashboard.response.headers=Referrer-Policy:strict-origin-when-cross-origin
# Allowed origins for CORS.
api.cors.allow.origin=*
# Allowed HTTP methods for CORS.
api.cors.allow.methods=GET, POST, OPTIONS, DELETE, PUT
# Max age for CORS preflight requests.
api.cors.max.age=3600
# Allowed headers for CORS.
api.cors.allow.headers=Origin, Content-Type, Accept, Authorization, X-Requested-With

orange

// organic : Identity Digital Limited
// https://www.iana.org/domains/root/db/organic.html
organic

// origins : The Estée Lauder Companies Inc.
// https://www.iana.org/domains/root/db/origins.html
origins

// osaka : Osaka Registry Co., Ltd.
// https://www.iana.org/domains/root/db/osaka.html
osaka

// otsuka : Otsuka Holdings Co., Ltd.

org.tt
org.tw
org.ua
org.ug
org.uk
org.uy
org.uz
org.vc
org.ve
org.vi
org.vn
org.vu
org.ws
org.ye
org.yt
org.za
org.zm
org.zw
organic
origins
oristano.it
orkanger.no
orkdal.no
orland.no
orsites.com
orskog.no
orsta.no
orx.biz
os.hedmark.no
os.hordaland.no
osaka
osaka.jp
osakasayama.osaka.jp

org.tt
org.tw
org.ua
org.ug
org.uk
org.uy
org.uz
org.vc
org.ve
org.vi
org.vn
org.vu
org.ws
org.ye
org.yt
org.za
org.zm
org.zw
organic
origins
oristano.it
orkanger.no
orkdal.no
orland.no
orsites.com
orskog.no
orsta.no
orx.biz
os.hedmark.no
os.hordaland.no
osaka
osaka.jp
osakasayama.osaka.jp

- Kube-apiserver: regular expressions specified with the `--cors-allowed-origins` option are now validated to match the entire `hostname` inside the `Origin` header of the request and 
  must contain '^' or the '//' prefix to anchor to the start, and '$' or the port separator ':' to anchor to 

# CORS (Partage des ressources entre origines) { #cors-cross-origin-resource-sharing }

[CORS ou « Cross-Origin Resource Sharing »](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) fait référence aux situations où un frontend exécuté dans un navigateur contient du code JavaScript qui communique avec un backend, et où le backend se trouve dans une « origine » différente de celle du frontend.

## Origine { #origin }

    /** The key of the configuration. e.g. Referrer-Policy:strict-origin-when-cross-origin */
    String API_JSON_RESPONSE_HEADERS = "api.json.response.headers";

    /** The key of the configuration. e.g. false */
    String API_JSON_RESPONSE_EXCEPTION_INCLUDED = "api.json.response.exception.included";

    /** The key of the configuration. e.g. Referrer-Policy:strict-origin-when-cross-origin */