
Is clicking a link on an anchor tag a cross-origin request?

Tags: html, cors

Here is the definition of CORS: Cross-origin resource sharing (CORS) is a mechanism that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served.

Let's assume I have a plain HTML webpage with a link to LinkedIn.

<a href="https://linkedin.com">Visit my linkedIn</a>

Is clicking on an anchor tag the same as/equivalent to "requesting domain from another domain"? If not, then how is the anchor tag spared from CORS restrictions?

JavaDeveloper asked Sep 01 '25 04:09


2 Answers

I prefer MDN's definition of CORS:

Cross-Origin Resource Sharing (CORS) is an HTTP-header based mechanism that allows a server to indicate any other origins (domain, protocol, or port) than its own from which a browser should permit loading of resources.

Your anchor tag will make you exit your server and redirect you to LinkedIn's, so you wouldn't be requesting anything from it.

Again from MDN:

An example of a cross-origin request: the front-end JavaScript code served from https://domain-a.com uses XMLHttpRequest to make a request for https://domain-b.com/data.json.

So let's try to make a GET request to linkedin.com.

fetch('https://linkedin.com')
    .then((response) => console.log(response));

As expected: Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://linkedin.com/.

ajmnz answered Sep 02 '25 19:09


No, it's not the same. In simple words, CORS means you need something from another domain. It could be anything like an image, some text or JSON data from an API. When you request something from your browser, the browser makes another request behind the scenes to ensure that CORS is allowed on the requested domain.

Meanwhile, clicking on an anchor means you are "navigating" from one domain to another "domain". The browser doesn't instantiate the CORS request in this case.

Rehan Sattar answered Sep 02 '25 21:09
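
The distinction both answers draw, written out as a simplified model of the browser's decision. This is an added example, not code from the question or the answers, and not browser source: the function name, the request objects and the my-site.example / api.example origins are constructed for illustration, while the header names and the "navigate" / "cors" request modes are the ones browsers actually use.

```javascript
// Simplified model: may script on the initiating page read the response?
// req = { mode, initiatorOrigin, url, credentials }; header names are lowercase.
function corsVerdict(req, responseHeaders = {}) {
  // A link click or address-bar load replaces the current document with the
  // target's own document. The initiating page never gets to read the
  // response, so there is nothing for a CORS check to protect.
  if (req.mode === 'navigate') return 'navigation: no CORS check';

  const targetOrigin = new URL(req.url).origin; // scheme + host + port
  if (targetOrigin === req.initiatorOrigin) return 'same-origin: readable';

  // Cross-origin read from script: the target server must opt in.
  const allow = responseHeaders['access-control-allow-origin'];
  if (allow === req.initiatorOrigin) {
    // A credentialed read additionally needs an explicit allow-credentials.
    if (req.credentials &&
        responseHeaders['access-control-allow-credentials'] !== 'true') {
      return 'cors: blocked';
    }
    return 'cors: readable';
  }
  // The wildcard is honoured only for requests sent without credentials.
  if (allow === '*' && !req.credentials) return 'cors: readable';
  return 'cors: blocked';
}

// Constructed sample requests, all initiated from the same page.
const page = 'https://my-site.example';
const anchorClick = { mode: 'navigate', initiatorOrigin: page, url: 'https://linkedin.com/' };
const fetchCall   = { mode: 'cors', initiatorOrigin: page, url: 'https://linkedin.com/' };
const apiCall     = { mode: 'cors', initiatorOrigin: page, url: 'https://api.example/data.json' };
const apiWithCookies = { ...apiCall, credentials: true };
const ownApi      = { mode: 'cors', initiatorOrigin: page, url: 'https://my-site.example/api' };

console.log(corsVerdict(anchorClick));  // the <a href> from the question
console.log(corsVerdict(fetchCall));    // the fetch() from the first answer, no opt-in header
console.log(corsVerdict(apiCall, { 'access-control-allow-origin': '*' }));
console.log(corsVerdict(apiWithCookies, { 'access-control-allow-origin': '*' }));
console.log(corsVerdict(ownApi));
```

The model leaves out preflight requests and no-cors subresource loads such as `<img>`; it covers only the navigation-versus-script-read contrast the question asks about.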