Using CORS headers
In the web application security model, the same-origin policy is an important concept. The basic principle is that content provided by unrelated websites must be strictly separated on the client side; otherwise, confidentiality or data integrity might be compromised, for example through cross-site scripting attacks. In other words, web pages, or scripts running on those pages, can only access scripts or pages from the same domain they came from; no access to other sites is allowed. For example, http://www.example.com/dir/page2.html cannot access http://en.example.com/dir/other.html. However, in a number of cases this is too strict, as in AJAX calls made with HttpRequest, where we have to load data from another server (refer to Chapter 7, Working with Web Servers). To make this possible, the CORS mechanism (cross-origin resource sharing) was developed, and it is supported by most modern web browsers. This recipe will enable you to easily achieve this by performing the following steps.
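The server-side half of the mechanism, as an added example that is not from the book: the browser sends an Origin header with a cross-origin request, and the server decides, against an allowlist, whether to answer with Access-Control-Allow-Origin. The origins, the allowed methods and the JSON payload are constructed for the example; header names are assumed to arrive lower-cased, as Node's http module delivers them.

```javascript
// Added example (not from the book): the server-side decision behind CORS.
// The browser sends an Origin header; the server answers with
// Access-Control-Allow-Origin only for origins it trusts. Origins and the
// payload below are constructed for the example.
const ALLOWED_ORIGINS = new Set([
  'http://www.example.com',
  'http://en.example.com',
]);
const ALLOWED_METHODS = ['GET', 'POST'];
const ALLOWED_HEADERS = ['Content-Type'];

// Build the CORS response headers for one request. Returns {} when the
// Origin is absent (same-origin or non-browser request) or not on the list;
// the browser then refuses to expose the response to the calling script.
function corsHeaders(method, reqHeaders) {
  const origin = reqHeaders['origin'];
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return {};
  const headers = {
    // Echo the specific allowed origin rather than '*': a wildcard cannot be
    // combined with credentials, and an allowlist keeps the policy explicit.
    'Access-Control-Allow-Origin': origin,
    // Caches must key the response on Origin, or one origin's answer could
    // be served to another.
    'Vary': 'Origin',
  };
  const isPreflight = method === 'OPTIONS' &&
    'access-control-request-method' in reqHeaders;
  if (isPreflight) {
    // Preflight: tell the browser what the real request may use.
    headers['Access-Control-Allow-Methods'] = ALLOWED_METHODS.join(', ');
    headers['Access-Control-Allow-Headers'] = ALLOWED_HEADERS.join(', ');
    headers['Access-Control-Max-Age'] = '600'; // cache the preflight 10 min
  }
  return headers;
}

// Dispatch one request: preflights get an empty 204, everything else the
// JSON payload the AJAX caller wants. Header names are assumed lower-cased,
// as Node's http module delivers them.
function handleRequest(method, reqHeaders) {
  const headers = corsHeaders(method, reqHeaders);
  if (method === 'OPTIONS') return { status: 204, headers, body: '' };
  headers['Content-Type'] = 'application/json';
  return { status: 200, headers, body: JSON.stringify({ ok: true }) };
}
```

A request from an origin outside the allowlist still receives the body, but without Access-Control-Allow-Origin the browser withholds it from the calling script; that is the point at which the same-origin policy is relaxed only for the origins the server named.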