CORS refers to Cross-Origin Resource Sharing. It's a browser mechanism that allows web pages in one domain to have controlled access to resources in other domains (cross-domain requests). This allows scripts that are run on a browser client to interact with and access resources from other origins. In doing so, it extends and provides greater flexibility to the SOP (Same-Origin Policy). Same-origin policies restrict the ability of a website to access resources outside of its source domain.
For example, a JavaScript app that wants to make a call to an API (Application Programming Interface) that runs on another domain will be blocked due to the SOP. A CORS policy was implemented to circumvent restrictions caused by same-origin policies.
In addition, if a website's CORS policy is not configured properly, it may be vulnerable to cross-domain attacks. This means that it cannot stop cross-origin attacks like CSRF (Cross-Site Request Forgery).
