Cross Origin Resource Sharing (CORS)

Web browsers commonly apply same-origin restrictions to network requests. This basically means that a web application running from site A can't access data at site B.

Cross Origin Resource Sharing extends this model by allowing the server B to return the list of allowed origins in a response header. The user agent (web browser) then checks if A is present in that list.

For the simplest allow all case it's enough to add following line to the response header:

Access-Control-Allow-Origin: *

To enable CORS for any RemObjects HTTP server channel, set its SendCrossOriginHeader property to true and add an OnSendCrossOriginHeader handler to override the default *.

See Also

• HttpServerChannel (.NET)
• TROBaseHTTPServer (Delphi)
• Read more about CORS at https://www.w3.org/wiki/CORS