In chapter 15, you learned that an origin is defined by the protocol (scheme), host, and port of a URL. Every browser implements a same-origin policy (SOP). The goal of this policy is to ensure that certain resources are accessible only to documents with the “same origin.” This prevents a page with an origin of mallory.com from gaining unauthorized access to a resource originating from ballot.charlie.com.
Think of Cross-Origin Resource Sharing (CORS) as a way to relax the browser’s SOP. This allows social.bob.com to load a font from https://fonts.gstatic.com. It also lets a page from alice.com send an asynchronous request to social.bob.com. In this chapter, I’ll show you how to safely create and consume shared resources with django-cors-headers. Because of the nature of CORS, this chapter contains more JavaScript than Python.
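As an added illustration, not code from this book or from django-cors-headers, the following models the comparison the SOP performs on (scheme, host, port) and a simplified exact-match allowlist of the kind a CORS layer applies to the Origin header. The helper names `origin_of`, `is_same_origin`, `serialize_origin` and `cors_allowed` are hypothetical, and the URLs reuse the hosts from this chapter.

```python
from urllib.parse import urlsplit

# Default ports per scheme: "https://social.bob.com" and
# "https://social.bob.com:443" are the same origin.
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin_of(url):
    """Return the (scheme, host, port) tuple that defines a URL's origin."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    # An absent port means the scheme's default port.
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme)
    return (scheme, host, port)


def is_same_origin(url_a, url_b):
    """The same-origin policy: all three components must match exactly.
    Path, query and fragment play no part in the decision."""
    return origin_of(url_a) == origin_of(url_b)


def serialize_origin(url):
    """Render an origin the way a browser sends it in the Origin header:
    no path, and the default port omitted."""
    scheme, host, port = origin_of(url)
    if port == DEFAULT_PORTS.get(scheme):
        return f"{scheme}://{host}"
    return f"{scheme}://{host}:{port}"


def cors_allowed(request_origin, allowed_origins):
    """Simplified model (hypothetical helper, not django-cors-headers' own
    logic) of a CORS allowlist: a cross-origin request is permitted only if
    its Origin header matches an allowlisted origin exactly. Exact matching,
    not substring or suffix matching, is what keeps a look-alike host such as
    alice.com.mallory.com from passing as alice.com."""
    allowed = {serialize_origin(o) for o in allowed_origins}
    return serialize_origin(request_origin) in allowed
```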