Cross-Origin Resource Sharing (CORS) is an established web standard protocol to protect servers from unexpected cross-origin network accesses. Chrome implemented the CORS protocol in the rendering engine, Blink, running in a renderer process before this change. However, once the OOR-CORS feature is enabled, it inspects network accesses in the network service, running in a separate process.
OOR-CORS solves several architectural and security issues: 1. Provides a reliable CORS implementation running in a separate process. 2. Solves a historical design problem that full-featured CORS implementation is available only in Blink core parts, XHR and Fetch APIs, and simplified version is used in other places. 3. Solves historical design problems that HTTP requests created or modified by some internal modules can not be inspected by CORS.
Unknown standards status - check spec link for status
Status in Chromium
Enabled by default
Consensus & Standardization
- No signals
Last updated on 2021-12-13