CORS vs CSP

734 2018-07-13 11:54
  • CORS allows a site A (data provider) to give permission to site B to read (potentially private) data from site A (using the visitor’s browser and credentials).
  • CSP allows a site to prevent itself (data consumer) from loading (potentially malicious) content from unexpected sources (e.g. as a defence against XSS).

If you find this article helpful

follow me on Twitter :)

Download TianPan.co App

Learn startup engineering anywhere, anytime

© 2020 Tian
Built with in San Francisco