Subressursforespørsler

Subressursforespørsler, often abbreviated as CSR for Cross-Origin Resource Sharing, is a mechanism that allows many resources, such as JavaScript, that are loaded from a web page to be requested from a domain different from the one that served the web page. It is a security feature implemented by web browsers. By default, browsers restrict web pages from making requests to a different origin than the one the page originated from. This is known as the same-origin policy.

When a web page needs to fetch a resource from another domain, such as an API endpoint

If the server does not explicitly permit the request from the originating domain, the browser will block