Cross-Origin Resource Sharing (CORS)
From RemObjects Wiki
This is a Technical Glossary topic
Feel free to add your notes to this topic below.
New page awaiting review
Please do not rely on the content. After review, the page will be indexed and may have its name changed.
If you have suggestions for this page, please send them to us: email.
Web browsers commonly apply same-origin restrictions to network requests. Basically, it means that web application running from site A can't access data at site B.
Cross Origin Resource Sharing extends this model allowing the server B to return the list of allowed origins in a response header. Then user agent (web browser) checks if A presents in that list.
For the simplest 'allow to all' case it's enough to add to the response headers following line:
Access-Control-Allow-Origin: *
To enable CORS at any RemObjects HTTP server channel set its SendCrossOriginHeader property to true and add OnSendCrossOriginHeader handler to override default '*'
See Also
- TROBaseHTTPServer
- HttpServerChannel
- Read more about CORS at http://www.w3.org/TR/cors
