The Same-Origin-Policy (SOP) is an important security concept implemented in all web browsers. However, a script restricts the use of resources of its own website as well as limits the use of elements or resources from other websites and / or locations other than Origin. This measure safeguards you from other websites or application attacks.
Cross-Origin Resource Sharing (CORS) is a mechanism to enable Cross-Origin-Requests.
Extend the header to allow external website or application requests as well as approve external websites with the following parameters:
The external website can not be known beforehand. Therefore all websites should be allowed.
You can limit which hosts are allowed to be used as Origin in the ApiOmat Configuration.
Default Accept Headers
There are several default accepted headers, mostly required by browser requests:
Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Cache-Control, Expires, Last-Modified
Issues with Internet Explorer 8/9
Not all browsers fully support CORS and Internet Explorer 8 and 9 only partially support the feature. Hence, use the ApiOmat webhosting module for these browsers.
Execute all requests on the same domain, including Same-Origin-Policy since HTTPS protects all the requests.