CORS (Cross-Origin Resource Sharing)
intermediateDefinition
A safety rule built into web browsers. By default, a website at one address isn't allowed to grab data from a website at a different address. CORS is the way the second site can say 'it's okay, I trust this other site to read my data.' If the permission isn't there, the browser blocks the request.
In the wild
A small weather website tries to fetch live data from a public weather service. The browser refuses until the weather service includes a header in its responses that basically says, 'visitors from this website are welcome to read my data.'
More from Backend & APIs
Authentication vs Authorization
Authentication answers 'who are you?': proving your identity, usually by logging in. Authorization answers 'what are you allowed to do?': checking whether your account has permission to take a certain action. Both have to pass before sensitive things happen.
CRUD (Create, Read, Update, Delete)
The four basic things you can do with stored information: create new items, read existing ones, update them, and delete them. Almost every app you use is built around these four actions, even when they're hidden behind fancier names.
Endpoint
A specific address on a server that does one particular thing when an app talks to it. Each endpoint is like one phone extension at a company: dial it, and you get the person who handles that one task.
GraphQL
A way of asking a server for data where the app says exactly what it wants, no more, no less, in a single request. Instead of getting a fixed bundle of information, the app picks the precise fields it needs, like ordering off a custom menu.
HTTP Methods
The little verbs that go with every request a browser or app sends to a server. They tell the server what kind of action is happening: GET means 'just give me this thing,' POST means 'create something new,' PUT or PATCH means 'change something,' and DELETE means 'remove it.'
Idempotency
A safety property that means doing the same action twice has the same effect as doing it once. It matters when networks are flaky and the app might accidentally repeat a request: without idempotency, you might end up charged twice for the same thing.