A resource makes a cross-origin HTTP request when it requests a resource from a different domain than the one which the first resource itself serves.
For example, XMLHttp Request follows the same-origin policy.So, a web application using XMLHttp Request make HTTP requests to its own domain.To improve web applications, developers asked browser vendors to allow XMLHttp Request to make cross-domain requests.The W3C Web Applications Working Group recommends the new Cross-Origin Resource Sharing (CORS) mechanism.CORS gives web servers cross-domain access controls, which enable secure cross-domain data transfers.
Modern browsers use CORS in an API container - such as XMLHttp Request - to mitigate risks of cross-origin HTTP requests.
This article is for web administrators, server developers and front-end developers.
Modern browsers handle the client-side components of cross-origin sharing, including headers and policy enforcement.
But this new standard means servers have to handle new request and response headers.
Another article for server developers discussing cross-origin sharing from a server perspective (with PHP code snippets) is supplementary reading.
This cross-origin sharing standard is used to enable cross-site HTTP requests for: This article is a general discussion of Cross-Origin Resource Sharing, and includes a discussion of the HTTP headers as implemented in Firefox 3.5.