In this chapter, we learned the following:
- Total global CORS/XDomainRequest support is 93.56% as of March 2015
- AJAX support in the browser must be checked, and a handler should be used in case it is not supported
- A preflight request before the actual request can ensure usability and improve security
- Avoid using the wildcard in the Access-Control-Allow-Origin header
- HTTP requests and response headers play a role in usability and security
- CORS requests with withCredentials provide better security
- When making CORS requests with withCredentials, we can set and read cookies on the target domain
- The CORS security cheat sheet by OWASP provides a checklist of best practices
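The wildcard, preflight and withCredentials points above, as an added example that is not code from the book: a server-side decision function that echoes only allow-listed origins, validates preflights, and never emits "*". The function name corsDecision, the sample origins, and the method and header lists are assumptions made for illustration.

```javascript
// Added example: CORS response-header decision for one request.
// All values below are constructed sample configuration.
const ALLOWED_ORIGINS = new Set(['https://app.example.com', 'https://admin.example.com']);
const ALLOWED_METHODS = ['GET', 'POST', 'PUT'];
const ALLOWED_HEADERS = ['content-type', 'x-requested-with'];

// req: { method, headers } with lower-cased header names.
// Returns { allowed, status, headers }. status is 204/403 for a preflight,
// null for an actual request (the normal handler sets its own status).
function corsDecision(req) {
  const origin = req.headers['origin'];
  const wantedMethod = req.headers['access-control-request-method'];
  const isPreflight = req.method === 'OPTIONS' && Boolean(wantedMethod);
  // Vary: Origin keeps shared caches from reusing one origin's response for another.
  const headers = { 'Vary': 'Origin' };
  const deny = { allowed: false, status: isPreflight ? 403 : null, headers };

  // Unknown or missing origin: send no CORS headers, so the browser
  // refuses to expose the response to the calling page.
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return deny;

  if (isPreflight) {
    // Check what the real request intends to send before approving it.
    const wantedHeaders = (req.headers['access-control-request-headers'] || '')
      .split(',').map(h => h.trim().toLowerCase()).filter(Boolean);
    const ok = ALLOWED_METHODS.includes(wantedMethod) &&
      wantedHeaders.every(h => ALLOWED_HEADERS.includes(h));
    if (!ok) return deny;
    headers['Access-Control-Allow-Methods'] = ALLOWED_METHODS.join(', ');
    headers['Access-Control-Allow-Headers'] = ALLOWED_HEADERS.join(', ');
    headers['Access-Control-Max-Age'] = '600';
  }

  // Echo the exact allow-listed origin rather than "*": browsers reject
  // "*" when the request is made with withCredentials set to true.
  headers['Access-Control-Allow-Origin'] = origin;
  headers['Access-Control-Allow-Credentials'] = 'true';
  return { allowed: true, status: isPreflight ? 204 : null, headers };
}
```

A denied actual request still reaches the server, so authentication and authorization checks must not depend on this function.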
In the next chapter, you will learn about using CORS in popular Content Management Systems, such as WordPress, Drupal, Joomla, and Adobe CQ.