CORS (cross origin resource sharing) is a mechanism to allow client web applications make HTTP requests to other domains. For example if you load a site from http://domainA.com and want to make a request (via xhr or img src, etc) to http://domainB.com without using CORS your web browser will try to protect you by blocking the response from the other server. This is because browsers restrict responses coming from other domains via the Same-Origin-Policy.
CORS allows the browser to use reponses from other domains. This is done by including a Access-Control headers in the server responses telling the browser that requests it is making is OK and safe to use the response.
| Header | Description |
|---|---|
Access-Control-Allow-Origin: |
Allow requests from `` to access t |