Cross-origin resource sharing (CORS) is a mechanism that allows a web page to access restricted resources from a server on a domain different than the domain that served the web page. A web page may freely embed cross-origin images, stylesheets, scripts, iframes, and videos. Certain "cross-domain" requests, notably Ajax requests, are forbidden by default by the same-origin security policy. CORS de
![Cross-origin resource sharing - Wikipedia](https://cdn-ak-scissors.b.st-hatena.com/image/square/47c3a3cf28060627f928905d1485eca032e285d0/height=288;version=1;width=512/https%3A%2F%2Fupload.wikimedia.org%2Fwikipedia%2Fcommons%2Fthumb%2Fc%2Fca%2FFlowchart_showing_Simple_and_Preflight_XHR.svg%2F512px-Flowchart_showing_Simple_and_Preflight_XHR.svg.png)