Cross-Origin Resource Policy (CORP) is one of the mechanisms for protecting and restricting resources in web applications. With CORP, a server can specify which sites are allowed to load its resources. The policy applies to resources that pages embed, such as images, videos and plugin content.
Preventing other websites from loading resources that should not be available to them helps improve user security. CORP lets us limit access to a resource to the origins permitted by the chosen policy value.
The mechanism works by setting a header on HTTP responses. For sensitive resources, CORP should be used to prevent unauthorized loading. It is applied when we want to ensure that a resource can only be loaded from certain trusted sources.
Next, we will review a sample HTTP response that implements CORP. It uses the CORP header to indicate that only pages from the same site are allowed to load the resource.
HTTP/1.1 200 OK
Cross-Origin-Resource-Policy: same-site
Content-Type: text/html
Content-Length: 305
This response tells the browser that only pages from the same site are allowed to load the resource.
The first line indicates the successful status of the HTTP response.
The second line sets the CORP policy to same-site, meaning that documents from other sites are not permitted to load this resource; pages from the same site (including other origins within it, such as subdomains) still can.
The third line specifies the type of content in the HTTP response, which in this case is HTML.
The fourth line indicates the length of the content in the response.
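To make the effect of the header concrete, the following added example (not code from the original article) models the browser-side CORP decision as described in the Fetch specification's cross-origin resource policy check. It assumes a no-cors embed such as an image or script (not a navigation), no COEP on the embedding page, and a simplified registrable-domain rule; real browsers consult the Public Suffix List.

```javascript
// Added example: a model of the browser's CORP check for a no-cors embed.
// Assumptions: embedder has no COEP (unsafe-none); registrableDomain() is a
// simplification (last two labels) standing in for the Public Suffix List.

// Approximate the "registrable domain" of a host by its last two labels.
function registrableDomain(host) {
  const labels = host.split('.');
  return labels.length <= 2 ? host : labels.slice(-2).join('.');
}

// Decide whether a document at requestOrigin may load a resource served from
// resourceOrigin with the given Cross-Origin-Resource-Policy header value
// (null when the header is absent). Returns "allowed" or "blocked".
function corpCheck(headerValue, requestOrigin, resourceOrigin) {
  const req = new URL(requestOrigin);
  const res = new URL(resourceOrigin);
  // Same-origin loads are never blocked by CORP.
  if (req.origin === res.origin) return 'allowed';

  // Unrecognized or missing values count as no policy; without COEP that means allowed.
  let policy = headerValue === null ? null : headerValue.trim();
  if (!['same-origin', 'same-site', 'cross-origin'].includes(policy)) policy = null;
  if (policy === null || policy === 'cross-origin') return 'allowed';
  if (policy === 'same-origin') return 'blocked'; // origins already differ

  // same-site: hosts must share a registrable domain, and a plain-http page may
  // not embed an https resource (the spec's scheme rule for same-site).
  const sameSiteHost = registrableDomain(req.hostname) === registrableDomain(res.hostname);
  const schemeOk = req.protocol === 'https:' || res.protocol !== 'https:';
  return sameSiteHost && schemeOk ? 'allowed' : 'blocked';
}

// Constructed scenarios for the header value shown in the article (same-site).
const scenarios = [
  ['https://app.example.com', 'https://cdn.example.com'],  // same site, same scheme
  ['http://app.example.com', 'https://cdn.example.com'],   // http page, https resource
  ['https://evil.example.net', 'https://cdn.example.com'], // different site
];
for (const [from, to] of scenarios) {
  console.log(`${from} -> ${to}: ${corpCheck('same-site', from, to)}`);
}
```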