
Cross-Origin Resource Sharing: CORS and Uniform Messaging Policy

Alternate proposal:


This document defines a mechanism to enable client-side cross-origin requests. Specifications that enable an API to make cross-origin requests to resources can use the algorithms defined by this specification. If such an API is used on resources, a resource on http://hello-world.example can opt in using the mechanism described by this specification (e.g., specifying Access-Control-Allow-Origin: as response header), which would allow that resource to be fetched cross-origin from
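The opt-in described above comes down to a client-side comparison between the requesting origin and the `Access-Control-Allow-Origin` response header. The sketch below is an added example, not text from the specification or this wiki, and it goes beyond the passage by also covering the wildcard and credentialed cases. Assumptions: `REQUESTER` is a constructed origin (the page does not name one), `corsCheck` and `runSamples` are hypothetical names, and headers are passed as a plain object with lowercase keys.

```javascript
// Constructed requesting origin; the resource itself lives on
// http://hello-world.example as in the passage above.
const REQUESTER = "http://requester.example";

// Decide whether a cross-origin response may be shared with requestOrigin.
// responseHeaders: plain object with lowercase header names (assumption).
function corsCheck(requestOrigin, responseHeaders, withCredentials = false) {
  const allowOrigin = responseHeaders["access-control-allow-origin"];
  if (allowOrigin === undefined) {
    return { shared: false, reason: "resource did not opt in" };
  }
  // "*" opts in for every origin, but never for credentialed requests.
  if (allowOrigin === "*") {
    return withCredentials
      ? { shared: false, reason: "wildcard not allowed with credentials" }
      : { shared: true, reason: "wildcard" };
  }
  // Otherwise the value must equal the serialized origin exactly:
  // no lists, no prefix or suffix matching, no case folding.
  if (allowOrigin !== requestOrigin) {
    return { shared: false, reason: "origin mismatch" };
  }
  // Credentialed requests need a second, explicit opt-in.
  if (withCredentials &&
      responseHeaders["access-control-allow-credentials"] !== "true") {
    return { shared: false, reason: "credentials not allowed" };
  }
  return { shared: true, reason: "origin match" };
}

// Constructed sample responses from http://hello-world.example.
function runSamples() {
  const cases = [
    [{}, false],
    [{ "access-control-allow-origin": REQUESTER }, false],
    [{ "access-control-allow-origin": "*" }, true],
    [{ "access-control-allow-origin": REQUESTER + ".evil.example" }, false],
    [{ "access-control-allow-origin": REQUESTER,
       "access-control-allow-credentials": "true" }, true],
  ];
  return cases.map(([headers, creds]) => corsCheck(REQUESTER, headers, creds));
}

console.log(runSamples().map((r) => `${r.shared}: ${r.reason}`).join("\n"));
```

The credentialed branch is the one relevant to the confused deputy discussion: a resource that allows an origin with credentials is acting on the user's ambient authority on behalf of that origin.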


There is an ongoing discussion about confused deputy problems in CORS: