Garry Shutler

Cross-site XmlHttpRequest with CORS

January 5, 2011 · 1 min read

I was working on a personal project over the Christmas period and wanted to make cross-site requests from an AJAX client to an API.

As the client and the API were hosted on different domains they violated the same origin policy implemented by almost all browsers. Modern browsers allow cross-site AJAX requests if the API allows cross-origin resource sharing (CORS).

The resources I found at the time on this were a little bare on details but I managed to piece it together and get something working. I was planning on writing a blog post about how to do it but now I know all the terminology I came across this complete article that explains CORS very well, linking to several useful resources.


Photo of Garry Shutler

Hey, Iā€™m Garry Shutler

CTO and co-founder of Cronofy.

Husband, father, and cyclist. Proponent of the Oxford comma.