If you have ever worked on some ajax calls or a react SPA you might be familiar with the annoying CORS error. The go to solution for us in that case is to talk to the backend guys and ask them to just allow everything because YOLO. But what is CORS? Is it just a way to annoy frontend developers? Has it got anything to do with security? If yes then why do we need auth and secret keys? If no then what purpose does it solves? How does it work in first place?