Cross-Origin Resource Sharing

The same-origin policy is a security measure that makes it nearly impossible for a page hosted on one domain to make Ajax requests to a page hosted on another. We’ve found all sorts of ways around the limitations, but cross-origin resource sharing, or CORS, is the standard way of making requests across servers. Best of all, almost every browser supports this, including Internet Explorer 10.

However, to pull it off, the domain you’re trying to access has to be configured to accept CORS requests, and you have to configure your code to send those requests. Specifically, the server needs to respond with the following header:

Access-Control-Allow-Origin: *

That’s it. As long as that’s set, a modern browser will have ...
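The following is an added example, not code from the book: a server-side sketch of how the header gets chosen per request. It goes beyond the wildcard case in the text by also showing an exact-match origin allowlist for resources that should not be readable from every origin. The hostnames, the `/public/` path prefix and all function names are assumptions made for illustration.

```javascript
// Added example: choose the CORS response headers for an incoming request.
// ALLOWED_ORIGINS and the hostnames in it are constructed sample values.
const ALLOWED_ORIGINS = new Set([
  'https://app.example.com',
  'https://admin.example.com',
]);

// Public resources: the wildcard header from the text. Any origin may read
// the response. Browsers do not accept "*" on requests sent with credentials.
function publicCorsHeaders() {
  return { 'Access-Control-Allow-Origin': '*' };
}

// Restricted resources: echo the request's Origin only on an exact allowlist
// match. Prefix, suffix or substring matching would let look-alike hostnames
// through, so the comparison is a Set lookup on the full origin string.
function restrictedCorsHeaders(requestOrigin) {
  // The response differs per Origin, so shared caches must key on it.
  const headers = { 'Vary': 'Origin' };
  if (requestOrigin && ALLOWED_ORIGINS.has(requestOrigin)) {
    headers['Access-Control-Allow-Origin'] = requestOrigin;
  }
  return headers; // no Access-Control-Allow-Origin: the browser blocks the read
}

// Request handler with the (req, res) shape used by Node's
// http.createServer(handler); paths under /public/ get the wildcard.
function handler(req, res) {
  const headers = req.url.startsWith('/public/')
    ? publicCorsHeaders()
    : restrictedCorsHeaders(req.headers.origin);
  for (const [name, value] of Object.entries(headers)) {
    res.setHeader(name, value);
  }
  res.statusCode = 200;
  res.end('ok');
}
```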
