CORS
Same-Origin-Policy
The Same-Origin-Policy (SOP) is an important security concept implemented in all web browsers. However, a script restricts the use of resources of its own website as well as limits the use of elements or resources from other websites and / or locations other than Origin. This measure entails to safeguard you from other websites or applications attacks.
CORS
Cross-Origin Resource Sharing (CORS) is a mechanism to enable Cross-Origin-Requests.
Extend the header to allow external website or application requests, as well as approve external websites with the following parameters:
Access-Control-Allow-Origin: http://external.website.com
The external website can not be known before. Therefore all websites should be allowed.
Access-Control-Allow-Origin: *
You can limit which hosts are allowed to be used as Origin in the ApiOmat Configuration Files.
Default Accept Headers
There are several default accepted headers, mostly required by browser requests:
Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Cache-Control, Expires, Last-Modified
Issues with Internet Explorer 8/9
Not all browsers fully support CORS and Internet Explorer 8 and 9 only partially support the feature. Hence, use the ApiOmat webhosting module for these browsers.
Webhosting module
With the Webhosting module you can host your website at ApiOmat. Starting from a simple static landing page for your product to a full-featured web frontend of your app – everything is possible. You can use HTML, CSS, Javascript files, images, and of course all sorts of binary data.with the exception of CGI scripts.
Execute all requests on the same domain, including Same-Origin-Policy since HTTPS protects all the requests.