Cross-origin resource sharing (CORS) is a standard for accessing web resources on different domains.
HOW CORS WORKS
When a browser executes a script that references a resource on another domain, it requests the content directly from the second domain. The second domain determines whether or not to serve the content by validating the first domain, which is included as part of the request. The second domain then returns either the content or an error message back to the browser, bypassing the first domain entirely.
Step-by-step, here’s how CORS works:
- The user’s browser creates a connection to the second domain, adding an “Origin” HTTP header to the request which contains the first domain.
- The second domain replies with an “Access-Control-Allow-Origin” HTTP header which lists the domains allowed to make CORS requests. A wildcard (“*”) allows all domains to make requests.
- If the first domain is allowed to make the request, the second domain responds with the requested content.
- The Access-Control-Allow-Origin header is defined in the second domain’s server configuration. If the header doesn’t contain wildcards and the first domain isn’t explicitly included, the browser displays an error message.

From: https://www.maxcdn.com/one/visual-glossary/cors/?utm_source=text
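The exchange in the steps above, sketched in JavaScript as an added example (not code from the original page): one function plays the second domain's header decision, the other plays the browser's check. The allowlist, origins and function names are constructed for illustration, and the server is assumed to echo the single matching origin back in the header.

```javascript
// Constructed allowlist held in the second domain's server configuration.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://admin.example.com",
]);

// Server side: choose the CORS headers for the Origin sent with the request.
// The comparison is an exact match on scheme + host + port; a substring or
// prefix check would also accept look-alike hosts such as
// https://app.example.com.other.test.
function corsResponseHeaders(requestOrigin, allowed = ALLOWED_ORIGINS, allowAny = false) {
  if (allowAny) return { "Access-Control-Allow-Origin": "*" }; // wildcard config
  const headers = { Vary: "Origin" }; // response differs per Origin, so caches must key on it
  if (requestOrigin && allowed.has(requestOrigin)) {
    headers["Access-Control-Allow-Origin"] = requestOrigin;
  }
  return headers;
}

// Browser side: may the script running on pageOrigin read this response?
function browserAllowsRead(pageOrigin, responseHeaders) {
  const acao = responseHeaders["Access-Control-Allow-Origin"];
  return acao === "*" || acao === pageOrigin;
}

// One full exchange: the browser adds Origin, the server answers, the browser decides.
function simulate(pageOrigin, allowAny = false) {
  const requestHeaders = { Origin: pageOrigin };
  const responseHeaders = corsResponseHeaders(requestHeaders.Origin, ALLOWED_ORIGINS, allowAny);
  return browserAllowsRead(pageOrigin, responseHeaders) ? "content" : "CORS error";
}

// Constructed first-domain origins, including a look-alike host and a scheme mismatch.
for (const origin of [
  "https://app.example.com",
  "https://app.example.com.other.test",
  "http://app.example.com",
  "https://unlisted.example.org",
]) {
  console.log(origin, "->", simulate(origin));
}
```
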