CORS

Cross-origin resource sharing (CORS) is a mechanism that allows JavaScript on a web page to make XMLHttpRequests to another domain, not the domain the JavaScript originated from.[1] Such "CrossDomain" requests would otherwise be forbidden by web browsers, per the same origin security policy. CORS defines a way in which the browser and the server can interact to determine whether or not to allow the cross-origin request.[2] It is more powerful than only allowing same-origin requests, but it is more secure than simply allowing all such cross-origin requests...

CORS can be used as a modern alternative to the JSONP pattern. While JSONP supports only the GET request method, CORS also supports other types of HTTP requests. Using CORS enables a web programmer to use regular XMLHttpRequest, which supports better error handling than JSONP. On the other hand, JSONP works on legacy browsers which predate CORS support. CORS is supported by most modern web browsers. Also, whilst JSONP can cause cross-site scripting (XSS) issues where the external site is compromised, CORS allows websites to manually parse responses to ensure security.

http://en.wikipedia.org/wiki/Cross-origin_resource_sharing
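The server side of the browser/server interaction described above, as an added example that is not part of the quoted article: it grants access only to an exact-match origin allowlist and also answers the preflight (OPTIONS) request that browsers send before non-simple methods such as PUT. `corsDecision`, the allowlists and the sample origins are hypothetical names and constructed values.

```javascript
// Added example: names and values below are assumptions, not a library API.
const ALLOWED_ORIGINS = new Set(["https://app.example.com"]); // constructed
const ALLOWED_METHODS = ["GET", "POST", "PUT"];
const ALLOWED_HEADERS = ["content-type"];

// req: { method, headers } with lower-cased header names.
// Returns the CORS response headers and whether access was granted.
function corsDecision(req) {
  const origin = req.headers["origin"];
  const wantMethod = req.headers["access-control-request-method"];
  const preflight = req.method === "OPTIONS" && wantMethod !== undefined;
  // Vary: Origin stops caches from replaying one origin's grant to another.
  const headers = { "Vary": "Origin" };

  // Exact match only. Without Access-Control-Allow-Origin in the response,
  // the browser withholds the response from the calling script.
  if (!origin || !ALLOWED_ORIGINS.has(origin)) {
    return { granted: false, preflight, headers };
  }
  if (preflight) {
    const wantHeaders = (req.headers["access-control-request-headers"] || "")
      .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
    const ok = ALLOWED_METHODS.includes(wantMethod) &&
      wantHeaders.every((h) => ALLOWED_HEADERS.includes(h));
    if (!ok) return { granted: false, preflight, headers };
    headers["Access-Control-Allow-Methods"] = ALLOWED_METHODS.join(", ");
    headers["Access-Control-Allow-Headers"] = ALLOWED_HEADERS.join(", ");
    headers["Access-Control-Max-Age"] = "600"; // cache the preflight 10 min
  }
  // Echo the one matched origin rather than "*", so the grant stays scoped.
  headers["Access-Control-Allow-Origin"] = origin;
  return { granted: true, preflight, headers };
}

// Constructed sample requests.
const samples = [
  { method: "GET", headers: { origin: "https://app.example.com" } },
  { method: "GET", headers: { origin: "https://app.example.com.other.test" } },
  { method: "OPTIONS", headers: { origin: "https://app.example.com",
      "access-control-request-method": "PUT",
      "access-control-request-headers": "Content-Type" } },
  { method: "OPTIONS", headers: { origin: "https://app.example.com",
      "access-control-request-method": "DELETE" } },
];
for (const s of samples) {
  const d = corsDecision(s);
  console.log(s.method, s.headers.origin, "->", d.granted ? "granted" : "denied");
}
```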

