Cross-Origin Read Blocking (CORB) is a security feature implemented in browsers that mitigates certain attacks by blocking access to resources which appear inappropriate for the context in which frontend code is trying to use the resource.
For example, XSSI is the technique of pointing a `<script>` tag at a target resource which is not JavaScript, and observing some side effects when the resulting resource (e.g. a JSON document) is interpreted as JavaScript. CORB prevents the browser from executing, as a script, documents with an `application/json` MIME type.
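The following is an added example, not code from the original page or from any browser: a simplified model of the decision above that a server owner can run over response headers to see whether a JSON endpoint would get CORB protection. The function names and sample responses are constructed, and the handling of `X-Content-Type-Options: nosniff` and the sniffing fallback are assumptions based on Chromium's published CORB explainer.

```javascript
// Simplified model (added example, not a browser's implementation) of the
// CORB check for a cross-origin, no-cors response such as a <script> load.
// Covers only the JSON rule; HTML, XML and text/plain rules are not modelled.

// JSON MIME types: application/json, text/json, or any "+json" subtype.
function isJsonMime(contentType) {
  const essence = (contentType || '').split(';')[0].trim().toLowerCase();
  return essence === 'application/json' || essence === 'text/json' ||
         essence.endsWith('+json');
}

// Rough stand-in for content sniffing: the body opens with `{ "key" :`.
function looksLikeJsonObject(body) {
  return /^\s*\{\s*"(?:[^"\\]|\\.)*"\s*:/.test(body);
}

// Returns 'blocked', 'blocked-after-sniff', 'not-blocked' or 'not-json'.
function corbVerdict(headers, body) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  if (!isJsonMime(h['content-type'])) return 'not-json'; // JSON rule does not apply
  const nosniff =
    (h['x-content-type-options'] || '').trim().toLowerCase() === 'nosniff';
  if (nosniff) return 'blocked'; // the label is trusted, no sniffing needed
  // Without nosniff, the body is sniffed to confirm the label first.
  return looksLikeJsonObject(body) ? 'blocked-after-sniff' : 'not-blocked';
}

// Constructed sample responses (not captured from a real service).
const samples = [
  { name: 'JSON, labelled, nosniff',
    headers: { 'Content-Type': 'application/json; charset=utf-8',
               'X-Content-Type-Options': 'nosniff' },
    body: '{"balance": 1200}' },
  { name: 'JSON, labelled, no nosniff',
    headers: { 'Content-Type': 'application/json' },
    body: '{"balance": 1200}' },
  { name: 'script mislabelled as JSON',
    headers: { 'Content-Type': 'application/json' },
    body: 'var x = 1;' },
  { name: 'JSON served as text/javascript',
    headers: { 'Content-Type': 'text/javascript' },
    body: '{"balance": 1200}' },
];
for (const s of samples) console.log(s.name, '->', corbVerdict(s.headers, s.body));
```

The last sample is the case to look for in an audit: a JSON document served with a script MIME type falls outside the JSON rule entirely.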