CORS
CORSمشاركة الموارد عبر الأصول
GLS-000108
Definition
A browser security feature that controls which domains can make requests to your API.
ميزة أمان في المتصفح تتحكم في أي النطاقات يمكنها تقديم طلبات إلى API الخاص بك.
Why It Matters
If 404Fault's API returns incorrect CORS headers, external sites could call the API in a user's browser and steal their data.
إذا أعادت API في 404Fault رؤوس CORS غير صحيحة، يمكن للمواقع الخارجية استدعاء API في متصفح المستخدم وسرقة بياناته.
Full Definition
Example Usage
“404Fault's API routes don't need custom CORS headers because they're called from the same domain (404fault.com → 404fault.com/api).”
“مسارات API في 404Fault لا تحتاج رؤوس CORS مخصصة لأنها تُستدعى من نفس النطاق (404fault.com → 404fault.com/api).”
AI Builder Tips
Avoid these mistakes when using CORS:
Setting Access-Control-Allow-Origin: * on private APIs (allows any site to call it)
Confusing CORS with authentication — CORS controls who can call, not who is authorized
Sign in to unlock guided AI explanations from AI Teacher.
Generate a Prompt
Copy this prompt and use it directly with any AI model — no setup needed.
Help me build a project using CORS. Explain: 1. What is CORS and why it matters 2. The core architecture and required tools 3. Step-by-step implementation plan 4. Common mistakes to avoid: Setting Access-Control-Allow-Origin: * on private APIs (allows any site to call it), Confusing CORS with authentication — CORS controls who can call, not who is authorized 5. Best practices and production tips