<meta charset="UTF-8">
<meta name="robots" content="noindex,nofollow" />
<link rel="shortcut icon" type="image/x-icon" href="/wiki/images/favicon.ico" />
<link rel="icon" type="image/x-icon" href="/wiki/images/favicon.ico" />

<pre>
!!! Overview[1]
[{$pagename}] ([CORS]) is a [protocol] that enables scripts running on a [browser] client to interact with resources from a different [Web Origin] (origin). 


[{$pagename}] is useful because, thanks to the [Same Origin Policy] followed by [XMLHttpRequest] and [Fetch API], [JavaScript] can only make calls to [URLs] that live on the same [Web Origin] as the location where the script is running. For [example], if a [JavaScript] app wishes to make an [AJAX] call to an [API] running on a different [DNS Domain], it would be blocked from doing so thanks to the [Same Origin Policy]. 

[{$pagename}] is a mechanism that uses additional [HTTP Header Fields] to tell a [browser] to let a web [application] running at one [Web Origin] have [permission] to access selected [resources] from a server at a different [Web Origin]. 

If such an [API] is used on http://example.org [resources], a resource on http://hello-world.example can opt in using the [{$pagename}] mechanism described by the [{$pagename}] (e.g., specifying Access-Control-Allow-Origin: http://example.org as response header), which would allow that resource to be fetched cross-origin from http://example.org.

Another [example], if you're running a React [SPA] that makes calls to an [API] backend running on a different [DNS Domain]. Web fonts also rely on [CORS] to work.


[{$pagename}] specification from [WC3] has been updated by the [Fetch API] from [WHATWG]

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Cross Origin Resource Sharing|http://www.w3.org/TR/access-control/|target='_blank'] - based on data observed:2015-05-18
* [#2] - [CORS Tutorial: A Guide to Cross-Origin Resource Sharing|https://auth0.com/blog/cors-tutorial-a-guide-to-cross-origin-resource-sharing/|target='_blank'] - based on information obtained 2019-08-24 
* [#3] - [Cross-Origin Resource Sharing (CORS)|https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS|target='_blank'] - based on information obtained 2019-08-24 
* [#4] - [3.2. CORS protocol|https://fetch.spec.whatwg.org/#cors-protocol|target='_blank'] - based on information obtained 2019-08-24 









</pre>