What is CORS and why do frontend apps hit CORS errors?

CORS (Cross-Origin Resource Sharing) is a browser security policy that restricts cross-origin requests. You see CORS errors when the backend doesn’t return the right headers (like `Access-Control-Allow-Origin`). **Key ideas:** - “Simple” requests vs preflight (OPTIONS) - Credentials (`withCredentials`) require stricter rules Fixes are typically server-side (configure allowed origins/headers/methods).