CORS
What is it?
CORS (Cross-Origin Resource Sharing) is a security mechanism that controls which web applications can make requests to origins other than their own. Browsers enforce the same-origin policy by default, blocking cross-origin requests to protect users. CORS headers sent by the server specify which origins, HTTP methods, and headers are permitted, enabling controlled cross-origin communication.
Practical example
When your frontend at localhost:3000 tries to fetch data from your API at localhost:8000, the browser blocks it because the ports differ, making them different origins. Your backend must include Access-Control-Allow-Origin: http://localhost:3000 in its responses. For development, you might temporarily allow all origins with the wildcard (*), but in production you should specify the exact allowed origins.
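The exact-origin allowlist described above, written as server-side logic next to the development wildcard. This is an added example, not code from the original page; the function name corsHeaders, the two policy objects and the sample origins are assumptions made for illustration.

```javascript
// Added example; all names and sample values here are constructed.

// Development-only policy from the text: any origin may read responses.
const DEV_POLICY = { origins: "*", methods: ["GET", "POST"], headers: ["Content-Type"] };

// Production policy: exact origins only.
const PROD_POLICY = {
  origins: ["http://localhost:3000"],
  methods: ["GET", "POST"],
  headers: ["Content-Type"],
};

// Returns the CORS response headers for one request.
// `origin` is the request's Origin header (absent on same-origin navigation).
// `preflight` carries Access-Control-Request-Method / -Headers on OPTIONS.
function corsHeaders(method, origin, policy, preflight = {}) {
  const out = {};
  if (!origin) return out; // not a cross-origin browser request

  if (policy.origins === "*") {
    out["Access-Control-Allow-Origin"] = "*";
  } else {
    // The response now depends on Origin, so caches must key on it.
    out["Vary"] = "Origin";
    // Exact string match: no prefix, suffix or substring comparison.
    if (!policy.origins.includes(origin)) return out;
    out["Access-Control-Allow-Origin"] = origin;
  }

  // Preflight: the browser asks permission before a non-simple request.
  if (method === "OPTIONS" && preflight.method) {
    const wanted = (preflight.headers || "")
      .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
    const allowed = policy.headers.map((h) => h.toLowerCase());
    if (policy.methods.includes(preflight.method) &&
        wanted.every((h) => allowed.includes(h))) {
      out["Access-Control-Allow-Methods"] = policy.methods.join(", ");
      out["Access-Control-Allow-Headers"] = policy.headers.join(", ");
    }
  }
  return out;
}
```

An origin that is not on the list gets no Access-Control-Allow-Origin header at all, which is what makes the browser withhold the response from the calling page.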
Test your knowledge
What does CORS protect against?