Be sure to test the 08 html document using the http:// protocol.
01-05 were requests made to api.github.com using curl. I wanted to see what the response headers looked like, where:
- 01 - Simple GET with no credentials.
- 02 - Simple GET with Basic (username:password).
- 03 - Simple GET with Basic, my own user - the response certainly included private information about me, the authenticated user.
- 04 - Creating an OAUTH token - do these, too, have Access-Control-* headers? Yes!
- 05 - Simple GET with Authorization token.
06-09 demonstrate a CORS request from an HTML document on my hard drive (08), loaded by Chrome (28.0.1500.71), where: