Cross-origin request

from Wikipedia, the free encyclopedia

A cross-origin request is a direct, internal access from a website on server A to a second server B, which may be in a different domain.

Since 1996, web browsers have prevented access of this kind under the same-origin policy security concept when it is made with the JavaScript programming language. This means that an application's passwords are not visible, even indirectly.

The World Wide Web Consortium (W3C) defines an alternative method, Cross-Origin Resource Sharing (CORS), with which web browsers and other clients can allow access to individual, self-contained resources of another origin. This is a compromise in favor of greater flexibility, taking into account the highest possible security measures.

Example: An HTML page is provided by a server via the domain http://www.domain-A.de. The HTML page contains a JavaScript instruction which loads an image whose URL, http://www.domain-B.de/image.jpg, points to another server. This is a cross-origin request that is only executed under certain conditions.
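
The origin comparison and the CORS opt-in described above can be modelled in a few lines. This is an added example, not part of the original article; the function names and header values are constructed for illustration, and the check is a simplified model of what a browser does before letting script read a cross-origin response.

```javascript
// Simplified model of the same-origin comparison and the CORS check.
// Function names and sample headers are constructed, not from the article.

// An origin is the (scheme, host, port) triple; URL.origin serializes it
// with a lower-cased host and the default port removed.
function isCrossOrigin(pageUrl, resourceUrl) {
  return new URL(pageUrl).origin !== new URL(resourceUrl).origin;
}

// Decide whether script on pageUrl may read a response from resourceUrl,
// given the response headers (lower-case keys) returned by server B.
function mayReadResponse(pageUrl, resourceUrl, headers = {}, withCredentials = false) {
  if (!isCrossOrigin(pageUrl, resourceUrl)) return true; // same origin: readable

  const allowOrigin = headers["access-control-allow-origin"];
  if (allowOrigin === undefined) return false; // server B did not opt in

  const pageOrigin = new URL(pageUrl).origin;
  if (!withCredentials) {
    // The header must be "*" or match the serialized origin exactly.
    return allowOrigin === "*" || allowOrigin === pageOrigin;
  }
  // With cookies or HTTP auth the wildcard is not accepted, and the server
  // must additionally send Access-Control-Allow-Credentials: true.
  return allowOrigin === pageOrigin &&
         headers["access-control-allow-credentials"] === "true";
}

// The article's two URLs, with constructed response headers from server B.
const page = "http://www.domain-A.de/index.html";
const image = "http://www.domain-B.de/image.jpg";
const cases = [
  ["no CORS headers", {}, false],
  ["wildcard", { "access-control-allow-origin": "*" }, false],
  ["wildcard + credentials", { "access-control-allow-origin": "*" }, true],
  ["exact origin + credentials", {
    "access-control-allow-origin": "http://www.domain-a.de",
    "access-control-allow-credentials": "true" }, true],
];
for (const [label, headers, creds] of cases) {
  console.log(label, "->", mayReadResponse(page, image, headers, creds));
}
```

The comparison is an exact string match against the serialized origin, so a server that echoes a mixed-case host such as `http://www.domain-A.de` does not satisfy the check.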
