CORS

Cross Origin Resource Sharing (CORS).

CORS governs your code's access to resources from different servers.

When pages request resources from the same host, it is considered the same origin.

Servers set CORS headers in the HTTP response.

When a resource is fetched from a disallowed source, the canvas or document becomes "tainted" and can't be accessed by your code.
https://developer.mozilla.org/en-US/docs/Web/HTML/CORS_enabled_image

Security is a big reason why CORS exists. When fetching resources from a third party, it's possible for them to replace the response with something malicious.

Crossorigin attribute

Use the crossorigin attribute on images to fetch them using CORS, which if allowed by the server, will not taint the page.
https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes/crossorigin

Referrer

The default policy for all major browsers is strict-origin-when-cross-origin.

Level

Advanced

Topics

#CORS

Resources

Cross-Origin Resource Sharing - CORS

https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS

Referer and Referrer-Policy best practices

https://web.dev/articles/referrer-best-practices

Crossorigin attribute

Referrer

Course: Advanced Javascript