Access-Control-Allow-Origin

BrandonDusch580 total contributions
Published Aug 18, 2022
Contribute to Docs
Access-Control-Allow-Origin
in a CORS response header that tells which requests from other pieces of web content (and their origin
s) have access to the current resource and, thus, can be loaded by the browser.
Syntax
Access-Control-Allow-Origin: directive
The directive
is set to either of the following:
Directive | Description |
---|---|
* |
This is a wildcard that tells browsers to allow requests from any content origin to access the resource. |
origin |
A single, specific origin of content made of a scheme/protocol, hostname, and port (e.g., a URL). |
null |
Sets the origin to null (however, this should be avoided in most cases). |
Example
The following is an example of a response header that is set to accept requests from the origin
, “https://www.codecademy.com/learn“:
Access-Control-Allow-Origin: https://www.codecademy.com/learn
Looking to contribute?
- Learn more about how to get involved.
- Edit this page on GitHub to fix an error or make an improvement.
- Submit feedback to let us know how we can improve Docs.