The browser has a CORS mechanism which\u00a0 restricts the loading of resources from another domain. CORS defines a way in which a browser and server can interact to determine whether it is safe to allow the cross-origin request<\/p>\n\n\n\n
The header which controls accesses is
Access-Control-Allow-Origin <\/p>\n\n\n\n
So if this header is not present, the CORS request fails. Even if it is present, it should be having the value which allows the requesting domain in it.<\/p>\n\n\n\n
To allow all domains one can use \u201c*\u201d.<\/p>\n\n\n\n
However, one web page can freely embed images, videos, stylesheets etc. But AJAX requests to another domain aren’t allowed as per this rule.<\/p>\n\n\n\n
Preflight Request<\/strong><\/p>\n\n\n\n Most modern browsers make an extra request prior to executing the requested AJAX request to the other server asking them if such a request is allowed. <\/p>\n\n\n\n The requested server needs to be respond with two headers Access-Control-Allow-Origin: http:\/\/www.example.com<\/p>\n\n\n\n Access-Control-Allow-Methods: PUT, DELETE<\/p>\n\n\n\n If the origin and method both are allowed as mentioned in the request, it then goes ahead and makes the request else leaves it.<\/p>\n\n\n The browser has a CORS mechanism which\u00a0 restricts the loading of resources from another domain. CORS defines a way in which a browser and server can interact to determine whether it is safe to allow the cross-origin request The header which controls accesses isAccess-Control-Allow-Origin So if this header is not present, the CORS request fails. […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[97],"tags":[],"class_list":["post-1779","post","type-post","status-publish","format-standard","hentry","category-tech-learnings","has-post-title","has-post-date","has-post-category","has-post-tag","has-post-comment","has-post-author",""],"yoast_head":"\n
If service.example.com is willing to accept the action, it may respond with the following headers:<\/p>\n\n\n\n