This video explains the relationship between two HTTP security headers: Cross-Origin-Resource-Policy and Access-Control-Allow-Origin. The former always takes precedence over the latter, as the value of Cross-Origin-Resource-Policy determines the existence and the value of the Access-Control-Allow-Origin header. Three values are expected for the parent header (Cross-Origin-Resource-Policy): same-origin, same-site, and cross-origin. Bear in mind that Access-Control-Allow-Origin has no effect when the parent header is set to 'same-site', whereas Access-Control-Allow-Origin MUST exist when same-origin or cross-origin is set on Cross-Origin-Resource-Policy.