Cross-origin resource sharing
Mechanism to request restricted resources on a web page from another domain / From Wikipedia, the free encyclopedia
Dear Wikiwand AI, let's keep it short by simply answering these key questions:
Can you list the top facts and stats about Cross-origin resource sharing?
Summarize this article for a 10 year old
Cross-origin resource sharing (CORS) is a mechanism that allows a web page to access restricted resources from a server on a domain different than the domain that served the web page.
A web page may freely embed cross-origin images, stylesheets, scripts, iframes, and videos.[1] Certain "cross-domain" requests, notably Ajax requests, are forbidden by default by the same-origin security policy. CORS defines a way in which a browser and server can interact to determine whether it is safe to allow the cross-origin request.[2] It allows for more freedom and functionality than purely same-origin requests, but is more secure than simply allowing all cross-origin requests.
The specification for CORS is included as part of the WHATWG's Fetch Living Standard.[3] This specification describes how CORS is currently implemented in browsers.[4] An earlier specification was published as a W3C Recommendation.[5]