Monday, November 02, 2015

Cross-Origin Resource Sharing (CORS) @ Azure

Cross-Origin Resource Sharing (CORS) Support for the Azure Storage Services
"CORS is an HTTP feature that enables a web application running under one domain to access resources in another domain. Web browsers implement a security restriction known as same-origin policy that prevents a web page from calling APIs in a different domain; CORS provides a secure way to allow one domain (the origin domain) to call APIs in another domain. See the CORS specification for details on CORS."

Cross-origin resource sharing - Wikipedia, the free encyclopedia
"Cross-domain" AJAX requests are forbidden by default because of their ability to perform advanced requests (POST, PUT, DELETE and other types of HTTP requests, along with specifying custom HTTP headers) that introduce many cross-site scripting security issues.

No comments: