Showing posts from November, 2016

CORS - Cross-Origin Resource Sharing

When you want to access a resource on another domain via an AJAX call, that domain has to allow it by setting "Access-Control-Allow-Origin" in the response header.

1. If "Access-Control-Allow-Origin" is *, then all domains can access the resource.
2. It is also possible to whitelist a domain name, for example: Access-Control-Allow-Origin: http://foo.example
3. Multiple domain names in Access-Control-Allow-Origin are not allowed. Instead, the server-side script should read the "Origin" request header, match it against the whitelisted domain names, and set that domain name in the Access-Control-Allow-Origin response header.
4. In an XHR request, the "Origin" header is set automatically.
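The server-side check from point 3, as an added example that is not code from the original post. The names `ALLOWED_ORIGINS` and `corsHeaders`, the second allow-list entry and the sample requests are assumptions made for illustration; header names are assumed to be lower-cased, as Node.js does for `req.headers`.

```javascript
// Added example: build CORS response headers from an exact-match allow-list.
// ALLOWED_ORIGINS and corsHeaders are hypothetical names, not from the post.
const ALLOWED_ORIGINS = new Set([
  "http://foo.example",       // the origin used in the post
  "https://app.foo.example",  // constructed sample value
]);

function corsHeaders(requestHeaders, allowed = ALLOWED_ORIGINS) {
  // The response now depends on the request's Origin header, so shared
  // caches must key on it; otherwise one origin's answer is served to another.
  const headers = { "Vary": "Origin" };

  const origin = requestHeaders["origin"];
  if (typeof origin !== "string") {
    return headers; // same-origin or non-browser request: nothing to grant
  }

  // Exact string comparison on scheme + host + port. Prefix, suffix or
  // substring matching would also accept look-alike origins.
  if (allowed.has(origin)) {
    // Echo back the single matched origin; a list of origins is not valid here.
    headers["Access-Control-Allow-Origin"] = origin;
  }
  return headers;
}

// Constructed sample requests (not captured traffic).
const samples = [
  { origin: "http://foo.example" },            // allow-listed
  { origin: "http://foo.example.other.test" }, // look-alike, must be refused
  { origin: "null" },                          // opaque origin, not in the list
  {},                                          // no Origin header at all
];

for (const req of samples) {
  console.log(JSON.stringify(req), "->", JSON.stringify(corsHeaders(req)));
}
```

When the origin is not in the allow-list, the header is simply omitted and the browser blocks the calling script from reading the response.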