<ul><li>Same-Origin Policy (SOP) guides how web browsers interact between web pages.</li><li>Cross-Origin Resource Sharing (CORS) allows servers to specify how resources can be requested from different origins.</li><li>CORS exceptions permit web pages to request resources from other domains under controlled conditions.</li><li>Server processes requests and includes CORS headers in responses for browser interpretation.</li><li>HTTP headers like Access-Control-Allow-Origin, Access-Control-Allow-Methods, and others play roles in CORS.</li><li>CORS distinguishes between simple requests and preflight requests based on HTTP methods and headers.</li><li>Process of a CORS request involves validation of Origin header against allowed origins.</li><li>Access-Control-Allow-Origin header indicates the permitted origin for a request.</li><li>CORS configurations include single origin, multiple origins, wildcard origin, and configurations with credentials.</li><li>Common CORS misconfigurations include null origin misconfigurations, bad regex in origin checking, and trusting arbitrary supplied origin.</li></ul>

TryHackMe: CORS & SOP

Discover more