What does it do?
A cross-origin request is a request for a resource that exists on a different origin from the requesting one, for instance when a.example.com requests the webfonts.eot asset from b.example.com (https://b.example.com/webfonts.eot). Many browsers block cross-origin requests for security reasons.
Cross-Origin Resource Sharing (CORS) is a mechanism that uses HTTP headers to tell browsers to give a web application running at one origin access to selected resources from another origin. The CORS header specifies which domains are allowed to access resources on the origin website. The CORS header has the syntax:
Access-Control-Allow-Origin: https://foo.example.org
Use a header value of "*" to give all origins access to your site's assets, or configure specific origins as in the example above.
When and how should I use it?
If other websites or subdomains pull content from your website, you should configure the CORS header to allow these sites to continue pulling content without any interruptions.
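
The Access-Control-Allow-Origin header carries either "*" or a single origin, so a site that serves several specific websites or subdomains has to pick the value per request. The following JavaScript is an added example, not part of the original page: the allow-list contents and the function name corsHeaders are assumptions. It echoes the request's Origin only on an exact match and sets Vary: Origin so a shared cache does not hand one origin's response to another.

```javascript
// Added example. ALLOWED_ORIGINS is a constructed allow-list built from the
// sample hosts on this page; corsHeaders is a hypothetical helper name.
const ALLOWED_ORIGINS = new Set([
  "https://a.example.com",
  "https://foo.example.org",
]);

// policy: the string "*" (any origin) or a Set of exact origin strings.
// requestOrigin: value of the request's Origin header, or undefined.
// existingVary: Vary value already set on the response, if any.
function corsHeaders(policy, requestOrigin, existingVary = "") {
  if (policy === "*") {
    // Same value for every caller, so the response does not vary by Origin.
    const headers = { "Access-Control-Allow-Origin": "*" };
    if (existingVary) headers["Vary"] = existingVary;
    return headers;
  }

  // The value depends on the request, so shared caches must key on Origin.
  const vary = existingVary.split(",").map((s) => s.trim()).filter(Boolean);
  if (!vary.some((v) => v === "*" || v.toLowerCase() === "origin")) {
    vary.push("Origin");
  }
  const headers = { Vary: vary.join(", ") };

  // Exact string match only: no substring, suffix or regex comparison, so
  // look-alike hosts and scheme downgrades (http vs https) are not allowed.
  if (typeof requestOrigin === "string" && policy.has(requestOrigin)) {
    headers["Access-Control-Allow-Origin"] = requestOrigin;
  }
  // Otherwise omit the header; the browser then blocks the cross-origin read.
  return headers;
}
```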