Working of CORS
When a web page requests a different domain (origin), the browser first sends a preflight request, which is an HTTP OPTIONS request. This request checks if the actual request is safe to send. The server responds with the appropriate headers indicating whether the request is allowed or not.
Spring Security – CORS
Cross-Origin Resource Sharing (CORS) is a security feature implemented by web browsers to allow or block web pages from making requests to a different domain than the one that served the web page. It plays a crucial role in preventing certain types of attacks, such as Cross-Site Request Forgery (CSRF). By default, web browsers block cross-origin HTTP requests from scripts running in the browser. CORS provides a way for servers to support cross-origin requests while still ensuring the security of the application.