CORS

A same origin policy (SOP), also called single origin policy (SOP), is a security measure for web browser programming language such as JavaScript and AJAX to ensure information confidentiality and integrity. An SOP prevents scripts of one website from accessing scripts of other websites, ensuring that scripts and other contents of one website and domain will not interact with those of other websites and domains and thereby avoiding unexpected results.

However, in some cases, a domain developer may have a proper reason to access resources at other locations. Cross-Origin Resource Sharing (CORS) of OBS enables the developer to set the browser to allow this operation. CORS is a mechanism proposed by the W3C and allows clients' cross-origin requests. APIs can invoke interfaces that are defined in the CORS to request cross-origin resources. Web programs constructed by the developer can request contents of other domains except the domain of the web programs. For example, cross-origin access is not allowed for AJAX in the new HTML5 standard by default unless a target site (for example http://www.foo.com) returns the following HTTP response header:

Access-Control-Allow-Origin: http://www.origin.com

The scripts of clients on www.origin.com can use the AJAX technology to perform data reads and writes on www.foo.com. The response header Access-Control-Allow-Origin is a header that is defined in CORS.

Registration