A resource makes a cross-origin HTTP request when it requests a resource from a different domain than the one which the first resource itself serves.

Step by step, how CORS works:

  1. A user opens a resource on a webpage which references to another domain.
  2. The user’s browser creates a connection to the second domain, adding an ‘Origin’ HTTP header to the request which contains the first domain.
  3. The second domain replies with an ‘Access-Control-Allow-Origin’ HTTP header which lists the domains allowed to make CORS requests. (* allows all domains to make requests.)
  4. If the first domain is allowed to make the request, the second domain responds with the requested content.
One clap, two clap, three clap, forty?

By clapping more or less, you can signal to us which stories really stand out.