I have difficulties in seeing the point of the `Access-Control-Allow-Origin` HTTP header.
I thought that if a client (browser) gets a “no” from a server once, then it will not send any further requests. But Chrome and Firefox keep sending requests.
Could anyone tell me a real-life example where a header like this makes sense?
Thanks!
The `Access-Control-Allow-Origin` header should contain a list of origins which are “allowed” to access the resource, thus determining which domains can make requests to your server for resources.
For example, sending back a header of `Access-Control-Allow-Origin: *` would allow all sites to access the requested resource.
On the other hand, sending back `Access-Control-Allow-Origin: http://foo.example.com` will allow access only to `http://foo.example.com`.
There’s some more information on this over at the Mozilla Developer Site.
For example
Let’s suppose we have a URL on our own domain that returns a JSON collection of Music Albums by Artist. It might look like this:
We might use some AJAX on our website to get this JSON data and then display it on our website.
But what if someone from another site wishes to use our JSON object for themselves? Perhaps we have another website `http://subdomain.ourdomain.com` which we own and would like to use our feed from `ourdomain.com`. Traditionally we can’t make cross-domain requests for this data.
By specifying other domains that are allowed access to our resource, we now open the doors to cross-domain requests.
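
An added example, not part of the original answer: one way a server could decide the header for the albums feed on each request. A response's `Access-Control-Allow-Origin` value carries a single origin or `*`, so with several permitted origins the server compares the request's `Origin` header against an allowlist and echoes back the exact match. `ALLOWED_ORIGINS`, `normaliseOrigin` and `corsHeadersFor` are hypothetical names, and the sample origins are constructed.

```javascript
// Added example: per-request CORS decision for the feed on ourdomain.com.
// All names here are hypothetical; the two allowed origins come from the post.
const ALLOWED_ORIGINS = new Set([
  "http://ourdomain.com",
  "http://subdomain.ourdomain.com",
]);

// Normalise an Origin header value to scheme://host[:port], or null if invalid.
function normaliseOrigin(value) {
  if (typeof value !== "string" || value === "null") return null;
  try {
    const u = new URL(value);
    // An origin has no path, query, fragment or credentials; reject if present.
    if (u.pathname !== "/" || u.search || u.hash || u.username || u.password) {
      return null;
    }
    return u.origin;
  } catch {
    return null;
  }
}

// Build the CORS-related response headers for one request.
function corsHeadersFor(requestOrigin, allowed = ALLOWED_ORIGINS) {
  // Vary: Origin stops a shared cache reusing one origin's response for another.
  const headers = { Vary: "Origin" };
  const origin = normaliseOrigin(requestOrigin);
  // Exact set membership, not substring or suffix matching, so a lookalike
  // such as ourdomain.com.other.example does not pass.
  if (origin !== null && allowed.has(origin)) {
    headers["Access-Control-Allow-Origin"] = origin;
  }
  // No match: the header is omitted and the browser keeps the response body
  // away from the calling page's script.
  return headers;
}

// Constructed sample requests.
for (const o of [
  "http://subdomain.ourdomain.com",
  "http://ourdomain.com.other.example",
  undefined,
]) {
  console.log(String(o), "->", JSON.stringify(corsHeadersFor(o)));
}
```

The check runs on every request because the browser enforces the policy per response; the server's answer to one request does not stop later ones from being sent.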