Cross-Domain requests and CORS

A HTTP request is said to be a cross-domain request when a resource makes that request to a different domain than it originated from. Web pages frequently make Cross-Domain requests to load images, scripts and CSS files. Cross-Domain requests that are fired from JavaScript have some restrictions according to the Same-Origin Policy. Normally browsers don't allow making such requests due to security reasons.

Frequently we face scenarios to consume third-party services, feeds etc. from JavaScript, one of the ways to achieve that is through JSONP calls. But the JSONP mechanism has its own limitations they are used to make only HTTP GET requests and they are vulnerable to security issues. Because of the desires of web community the W3C has come up with a new policy called Cross-Origin Resource Sharing or simply CORS that makes cross-domain requests so easy and natural. In this article I'm going to discuss about the basic things of CORS.

Continue Reading