OpenAM with CORS: Is that a salad, dessert or main course?

While the title suggests this might be something to enjoy with a spoon or a fork, I assure you this is not the case. CORS stands for “Cross-origin resource sharing”.

To put CORS in context, let me take you back in history and remind you that the World Wide Web took form more than 25 years ago, and it started with static pages in HTML. Several years after that, Brendan Eich designed a scripting language for the web called Mocha, which was soon renamed to what we now know as JavaScript. It was a brilliant move: it gave dynamism to the web.

While dynamic pages are good, we must keep an eye on security when using scripting languages like JavaScript. So there are some restrictions, and one of them is the “Same-origin policy”, which restricts how a document or script loaded from one origin can interact with resources from another origin. This policy is used to prevent some Cross-Site Request Forgery (CSRF) attacks. It is enforced by the web browser, and it is what prevents AJAX (XMLHttpRequest) requests from accessing resources outside the parent page with POST, PUT, DELETE, custom headers and other types of verbs.
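The check the browser applies can be sketched as follows. This is an added example, not code from the original post or from OpenAM; it goes slightly beyond the text by using a simplified form of the Fetch standard's safelists to show which cross-origin requests are held back for a preflight, and the host names and the `X-Example-Token` header are constructed placeholders.

```javascript
// Added example: same-origin comparison and cross-origin request classification.
// Host names and the X-Example-Token header are constructed for illustration.

// An origin is the (scheme, host, port) triple; URL.origin normalizes default ports.
function sameOrigin(pageUrl, targetUrl) {
  return new URL(pageUrl).origin === new URL(targetUrl).origin;
}

// Simplified from the Fetch standard's CORS-safelisted methods and request headers.
const SAFE_METHODS = new Set(["GET", "HEAD", "POST"]);
const SAFE_HEADERS = new Set(["accept", "accept-language", "content-language", "content-type"]);
const SAFE_CONTENT_TYPES = new Set([
  "application/x-www-form-urlencoded",
  "multipart/form-data",
  "text/plain",
]);

// Returns "same-origin", "simple" (sent as-is, response readable only if the
// server opts in) or "preflight" (browser first asks the server with OPTIONS).
function classifyRequest(pageUrl, targetUrl, method = "GET", headers = {}) {
  if (sameOrigin(pageUrl, targetUrl)) return "same-origin";
  if (!SAFE_METHODS.has(method.toUpperCase())) return "preflight";
  for (const [name, value] of Object.entries(headers)) {
    const key = name.toLowerCase();
    if (!SAFE_HEADERS.has(key)) return "preflight"; // custom header
    if (key === "content-type") {
      const mime = String(value).split(";")[0].trim().toLowerCase();
      if (!SAFE_CONTENT_TYPES.has(mime)) return "preflight";
    }
  }
  return "simple";
}

// Constructed sample requests from a page on app.example.com.
const PAGE = "https://app.example.com/index.html";
const SAMPLES = [
  ["https://app.example.com:443/api/profile", "PUT", {}],
  ["https://sso.example.com/session", "DELETE", {}],
  ["https://sso.example.com/login", "POST", { "Content-Type": "application/json" }],
  ["https://sso.example.com/login", "POST", { "Content-Type": "text/plain" }],
  ["https://sso.example.com/info", "GET", { "X-Example-Token": "abc" }],
];
for (const [url, method, headers] of SAMPLES) {
  console.log(method.padEnd(6), url, "->", classifyRequest(PAGE, url, method, headers));
}
```

A request classified as "simple" is still sent to the other origin; the same-origin policy only stops the calling script from reading the response unless the server opts in through CORS.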
