What is Cross-Origin Resource Sharing (CORS) and how does it work?
May 31, 2023
For security reasons, browsers by default restrict cross-origin HTTP requests initiated from scripts, that is, requests from a page on one origin to a different origin (for example, two different domains). This is known as the same-origin policy. CORS is a way for a server to relax the same-origin policy for the origins it chooses.
CORS (short for Cross-Origin Resource Sharing) is an important security mechanism that gives owners control over who can access their domain's resources. It lets a server specify which origins other than its own are allowed to load its resources, where an origin is the combination of scheme, domain, and port.
For example, if a developer who owns https://domain-a.com tries to load content from another website https://domain-b.com, the browser will restrict this access since they're two different domains.
In order to allow access, domain-b would need to set the Access-Control-Allow-Origin header on its API responses to allow all access (denoted by *) or to allow access to your domain specifically.
Examples:
Access-Control-Allow-Origin: *
Access-Control-Allow-Origin: https://domain-a.com
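The two header choices above, worked through on both sides of the exchange as an added example (not code from the original post). The names ALLOWED_ORIGINS, corsHeadersFor and browserAllowsRead are hypothetical, and the browser check is a simplified model of requests sent without credentials.

```javascript
// Added example. All names here are hypothetical; sample origins are constructed.

// Origins that domain-b has agreed to share with (scheme + host + port must all match).
const ALLOWED_ORIGINS = new Set(["https://domain-a.com"]);

// Server side (domain-b): choose the CORS headers for one request.
// mode "wildcard" mirrors `Access-Control-Allow-Origin: *`;
// mode "allowlist" echoes the caller's origin only if it is on the list.
function corsHeadersFor(requestOrigin, mode = "allowlist") {
  if (mode === "wildcard") {
    return { "Access-Control-Allow-Origin": "*" };
  }
  // The answer depends on the Origin header, so caches must key on it.
  const headers = { Vary: "Origin" };
  let origin;
  try {
    origin = new URL(requestOrigin).origin; // normalises case and default ports
  } catch {
    return headers; // missing or malformed Origin: grant nothing
  }
  if (ALLOWED_ORIGINS.has(origin)) {
    headers["Access-Control-Allow-Origin"] = origin;
  }
  return headers;
}

// Browser side (simplified): may a script running on pageOrigin read the response?
function browserAllowsRead(pageOrigin, responseHeaders) {
  const allow = responseHeaders["Access-Control-Allow-Origin"];
  return allow === "*" || allow === pageOrigin;
}

// Constructed sample origins, each one a page whose script calls https://domain-b.com.
const samples = [
  "https://domain-a.com",             // the partner named on the allowlist
  "http://domain-a.com",              // same host, different scheme
  "https://domain-a.com:8443",        // same host, different port
  "https://domain-a.com.example.net", // different host that merely starts the same
];
for (const page of samples) {
  const strict = browserAllowsRead(page, corsHeadersFor(page));
  const open = browserAllowsRead(page, corsHeadersFor(page, "wildcard"));
  console.log(`${page}: allowlist=${strict} wildcard=${open}`);
}
```

With the allowlist only the first sample can read the response; with the wildcard all four can, which is why * suits only resources meant to be public.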
What you need to know about CORS as a PM:
Building software is a complex process, and unforeseen complications often arise along the way. As a PM, you should be aware of as many of these potential complications as you can, including the same-origin policy, which may delay implementation.
If a feature your engineering team is working on depends on a third party, the development team may need to get permission from that third party in order to gain access to their resources. As you can imagine, complications would arise if the third party says no, or takes a long time to update their system configuration to allow access from your domain.
Tip: Anytime an engineer refers to "same-origin" or "cross-domain concerns" or "access control", it's likely they're referring to CORS.
Positive feedback is feedback too!
We often think of feedback as “critical feedback”, but positive feedback is just as important! Team cohesion and effective teamwork ultimately come from a place of positivity and a sense of forward/upward momentum. It’s difficult to have these when just focusing on critical feedback. You want to know what you’re doing right along with ways you can improve. So as much as possible, ask for positive feedback like “What did you like about [x] that you’d like to see me continue doing?” and “What was your favorite part about [x]?”