Chapter 3. Usability and Security
In this chapter, you will learn how to implement CORS in various scenarios to enable access across domain boundaries.
We will discuss the following:
- CORS and XDomainRequest (IE 8 and 9) browser support
- Detecting AJAX support in the browser
- Using preflight to ensure usability and improve security
- The Access-Control-Allow-Origin header, with and without the wildcard
- HTTP request and response headers for usability and security
- CORS requests with credentials, and setting and reading cookies
- The CORS security cheat sheet by OWASP
Note: We use the term client to denote any user agent capable of making a CORS request. Typically, the client is the browser displaying the page that makes the request.