Cross Origin Resource Sharing

Question 1

Restricts how a document/script from one origin can interact with a resource from another origin.

Answer 1

Same-Origin Policy

Question 2

2 web pages have the same origin if they have the same? (3)

Answer 2

1. Protocol
2. Host/Domain
3. Port

Question 3

A page attempting to interact with a resource from a different origin is making a __________________.

Answer 3

Cross-Origin Request

Question 4

Same-Origin Policy is done by the _________, not by the website itself.

Answer 4

Browser

Question 5

Browser restrict cross origin ____________ initiated within scripts.

Answer 5

HTTP requests.

Question 6

Why restrict cross-origin access?

Answer 6

Cross-origin requests are a vector for online attacks.

Question 7

A system that allows resources to be accessed across different origins.

Answer 7

Cross-Origin Resource Sharing (CORS)

Question 8

The __________ headers are used by the clients and servers to determine if the client can access the server’s resources.

Answer 8

Access-Control-*

Question 9

Some cross-origin requests trigger a ________ _________.

Answer 9

Preflight Request

Question 10

Automatically issued by the browser before sending some kinds of cross-origin requests.

Answer 10

Preflight requests.

Question 11

Request to check to see if the actual request will be accepted and processed.

Answer 11

Preflight requests.

Question 12

All preflight requests are _______ HTTP requests with 3 particular headers.

Answer 12

1. Access-Control-Request-Method
2. Access-Control-Request-Headers
3. Origin

Question 13

In general, requests that _________________________ in the server’s data trigger a preflight request.

Answer 13

will cause some sort of change

Question 14

___________ requests don’t trigger a preflight and only look for the Access-Control-Allow-Origin header in the response.

Answer 14

Simple