CORS: Cross-Origin Resource Sharing

Mohit Sethi
Published in Appliedcode
May 10, 2015

Earlier, developers had difficulty making requests to a different domain from JavaScript. As a way to get around the restriction, everyone set up proxies on their websites, which was one of the onsets of a new host of open redirect problems. Developers worked around this limitation using server-side proxies as well as a number of other techniques.

Almost all browsers now support CORS (including IE 8+, Firefox 3.5+, and Chrome).

Cross-Origin Resource Sharing (CORS)

* It is a W3C Working Draft that defines how the browser and server must communicate when accessing resources across origins. It is a specification recommended by the Web Applications Working Group within the W3C. It provides a way for scripts running in client browsers to use the XMLHttpRequest API object and make direct HTTP requests to resources on domains other than the one from which the script was first loaded, say the Zuora REST API.

* CORS provides the following features:
  * Guarantees the data integrity of the API request: nothing changed on its way from your server to the customer.
  * Provides authentication: ensures that the person who generated the request is who they say they are.

The basic idea behind CORS is to use custom HTTP headers to allow both the browser and the server to know enough about each other to determine whether the request or response should succeed or fail.

For a simple request, one that uses either GET or POST with no custom headers and whose body is text/plain, the request is sent with an extra header called Origin. The Origin header contains the origin (protocol, domain name, and port) of the requesting page, so that the server can determine whether to serve the request.

An example Origin header looks like:

Origin: http://www.domainA.com

If the server decides that the request should be allowed, it sends an Access-Control-Allow-Origin header echoing back the same origin that was sent, or “*” if it’s a public resource. Say,

Access-Control-Allow-Origin: http://www.domainB.net

This way, resources can be shared across different origins.
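The server-side decision described above, as an added JavaScript (Node.js) example that is not part of the original article: it matches the Origin header against an allowlist on exact scheme, host and port, then echoes it back, sends "*" for a public resource, or omits the header. The names `ALLOWED_ORIGINS`, `normalizeOrigin` and `corsHeaders` and the allowlist entries are assumptions made for illustration.

```javascript
// Added example; ALLOWED_ORIGINS, normalizeOrigin and corsHeaders are hypothetical names.
const ALLOWED_ORIGINS = new Set(
  ["http://www.domainA.com", "https://app.example.com:8443"] // constructed allowlist
    .map(normalizeOrigin)
);

// Reduce an Origin header value to scheme://host[:port]; return null if it is
// missing, malformed, the opaque "null" origin, or not http(s).
function normalizeOrigin(value) {
  if (typeof value !== "string") return null;
  let u;
  try {
    u = new URL(value);
  } catch (e) {
    return null;
  }
  if (u.protocol !== "http:" && u.protocol !== "https:") return null;
  // A serialized origin carries no credentials, path, query or fragment.
  if (u.username || u.password || u.pathname !== "/" || u.search || u.hash) return null;
  return u.origin; // host is lower-cased (as browsers send it), default ports are dropped
}

// Decide which CORS response headers to send for one request.
function corsHeaders(requestHeaders, isPublicResource = false) {
  if (isPublicResource) return { "Access-Control-Allow-Origin": "*" };
  const headers = { Vary: "Origin" }; // the response differs per Origin, so caches must key on it
  const origin = normalizeOrigin(requestHeaders.origin);
  // Exact match on the whole origin: scheme, host and port must all agree.
  if (origin !== null && ALLOWED_ORIGINS.has(origin)) {
    headers["Access-Control-Allow-Origin"] = origin;
  }
  // Without Access-Control-Allow-Origin the browser withholds the response from the script.
  return headers;
}

// Constructed sample Origin values, printed with the headers each one receives.
for (const o of [
  "http://www.domainA.com",                   // allowed: echoed back
  "http://www.domainA.com:8080",              // different port: different origin
  "https://www.domainA.com",                  // different scheme: different origin
  "http://www.domainA.com.lookalike.example", // prefix match only: rejected
  "null",                                     // opaque origin: rejected
]) {
  console.log(o, "->", JSON.stringify(corsHeaders({ origin: o })));
}
```

Matching on a prefix or substring of the Origin value, or reflecting whatever origin arrives, would turn the allowlist into a wildcard; the exact-match set lookup avoids both.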
