Chapter 5. Cookies and response headers

This chapter covers

  • Including cookies with requests
  • Understanding how client and server settings interact to control cookie behavior
  • Exposing response headers to clients

Chapter 4 introduced the concept of preflight requests. Preflight requests enable the browser to ask for the server’s permission before making requests with certain HTTP methods and headers. This permissions model puts the server in charge of how cross-origin requests behave.

In the same way, there are additional features that also require special permissions in CORS. The first is user credential support. By default, CORS doesn’t attach user credentials, such as cookies, on requests. The second is response headers support. The browser ...

Get CORS in Action now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.