Code Safari

Chapter 94·Beginner

The Same-Origin Policy & CORS, Explained: Why the Browser Blocks Your Fetch

01 / 05

The foundation

The same-origin policy is why the web is usable at all.

Every tab you open runs someone's code. The browser's rule — scripts from one origin can't read another origin's data — is the wall keeping evil-site.com out of your banking tab.

The Same-Origin Policy & CORS, Explained: Why the Browser Blocks Your Fetch | Code Safari