
Definition

CORS

Cross-Origin Resource Sharing — a browser security mechanism that controls which domains can make requests to your API.

CORS (Cross-Origin Resource Sharing) is an HTTP-header-based mechanism that lets a server specify which origins (domains) are allowed to access its resources. Browsers enforce CORS by sending a preflight OPTIONS request before the actual request, and blocking the response if the server doesn't explicitly allow the requesting origin. Misconfigured CORS is a common issue in AI-generated code — setting Access-Control-Allow-Origin to '*' in development and shipping it to production effectively disables this security boundary, allowing any website to make authenticated requests to your API on behalf of your users.
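The allowlist alternative to the wildcard described above, with a small audit helper for checking what a server returns to an origin it should not trust. This is an added example, not Productera's code; the origins, the function names `corsHeaders` and `auditCors`, and the finding labels are hypothetical.

```javascript
// Constructed sample allowlist; replace with your real front-end origins.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://admin.example.com",
]);

// Build CORS headers for one request. An origin outside the allowlist gets
// no Access-Control-* headers, so the browser blocks the cross-origin read.
function corsHeaders(origin, method) {
  const headers = { Vary: "Origin" }; // shared caches must key on Origin
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return headers;
  headers["Access-Control-Allow-Origin"] = origin; // exact match, never "*"
  headers["Access-Control-Allow-Credentials"] = "true";
  if (method === "OPTIONS") { // preflight response
    headers["Access-Control-Allow-Methods"] = "GET, POST";
    headers["Access-Control-Allow-Headers"] = "Content-Type, Authorization";
    headers["Access-Control-Max-Age"] = "600";
  }
  return headers;
}

// Audit the headers a server returned for a request whose Origin
// (probeOrigin) it should NOT trust. Header keys use canonical casing.
function auditCors(headers, probeOrigin) {
  const findings = [];
  const acao = headers["Access-Control-Allow-Origin"];
  const creds = headers["Access-Control-Allow-Credentials"] === "true";
  const vary = (headers["Vary"] || "").split(",").map((v) => v.trim().toLowerCase());
  if (acao === "*") findings.push("wildcard-origin");
  // Browsers refuse credentialed responses carrying "*", so this pair is
  // also a functional bug, often "fixed" by reflecting Origin instead.
  if (acao === "*" && creds) findings.push("wildcard-with-credentials");
  if (acao === probeOrigin) {
    findings.push(creds ? "reflected-origin-with-credentials" : "reflected-origin");
  }
  if (acao === "null") findings.push("null-origin-allowed");
  if (acao && acao !== "*" && !vary.includes("origin")) findings.push("missing-vary-origin");
  return findings;
}
```

Run `auditCors` against responses captured from your own API in staging and production; an empty result for an untrusted probe origin is the expected outcome.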
