What is CORS? How does it work?

CORS (cross-origin resource sharing) is a mechanism that allows resources on a web page (such as fonts and JavaScript) to be requested from a domain other than the one the page itself was served from. It is a technique in HTML5 that controls XMLHttpRequest access to a separate domain.

CORS defines additional HTTP headers that let a server grant access to origins it has approved. For HTTP methods other than GET (or POST with specified MIME types), the standard requires browsers to first send an HTTP OPTIONS request, known as a “preflight”, to obtain the list of methods the server supports. Only after that may the real request be sent. Servers can also tell clients whether “credentials” (such as cookies and HTTP authentication data) should be sent with requests.