Cross-Origin Resource Sharing (CORS)
Before looking at CORS, it helps to understand the significance of the same-origin policy. The same-origin policy is a critical aspect of the web application security model. By default, a web browser does not allow a script associated with one web page to access data on a page with a different hostname, domain, or port number. The purpose of the same-origin policy is to prevent a malicious script embedded on one page from accessing sensitive data on another web page.
For example, a script hosted in a page books.html on www.packtpub.com can access the Document Object Model (DOM) of any page within the same domain, that is, www.packtpub.com. If it tries to access the DOM of a page hosted on another domain, the access is denied. Even if a page is hosted on a subdomain such as books.packtpub.com, when it tries to access the DOM of another page on projects.packtpub.com, it is denied access. This is a way to maintain the...