Y
Hacker News
new
|
ask
|
show
|
jobs
by
simonw
1180 days ago
The same-origin policy in browsers defaults to preventing JavaScript from making API calls out to any domain other than the one that hosts the page - unless those other domains have the right CORS headers.
https://developer.mozilla.org/en-US/docs/Web/Security/Same-o...