Cross-origin resource sharing (CORS) is a method for web applications to fetch resources from a different domain.

A web page can load images, videos, stylesheets, and other media resources from any domain by default. But if the page tries to make an AJAX request to an endpoint served on another domain, the browser will block it.

This check is a security feature built into browsers, known as the same-origin policy. It stops malicious scripts from crawling other websites and accessing sensitive data such as cookies.

The server can accept the request by adding the Access-Control-Allow-Origin HTTP header to the response.


If the server's response has the correct header and the value corresponds to the domain the request was made from, then the browser will allow the request through.

The server can also allow requests from all domains by adding a wildcard.

Access-Control-Allow-Origin: *
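
The header decision on the server and the matching check in the browser can be sketched together. This is an added example, not code from the original page: the function names, the example.com origins and the allowlist are constructed, and the browser check is a simplified model that also covers the case where the request carries cookies.

```javascript
// Constructed allowlist: full origins (scheme + host + port), not bare domains.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://admin.example.com",
]);

// Server side: choose the CORS response headers for the request's Origin header.
function corsHeadersFor(requestOrigin, { allowAll = false, credentials = false } = {}) {
  if (allowAll) {
    // Wildcard: every site may read the response. Only for public data.
    return { "Access-Control-Allow-Origin": "*" };
  }
  // Exact-match lookup; prefix, suffix or regex matching is a common source of bypasses.
  if (!requestOrigin || !ALLOWED_ORIGINS.has(requestOrigin)) {
    return {}; // No header: the browser keeps the response from the calling script.
  }
  const headers = {
    "Access-Control-Allow-Origin": requestOrigin,
    // The response differs per origin, so shared caches must key on Origin.
    "Vary": "Origin",
  };
  if (credentials) headers["Access-Control-Allow-Credentials"] = "true";
  return headers;
}

// Browser side (simplified model): may the page's script read the response?
function browserAllowsRead(pageOrigin, responseHeaders, { withCredentials = false } = {}) {
  const allowOrigin = responseHeaders["Access-Control-Allow-Origin"];
  if (allowOrigin === undefined) return false;
  if (allowOrigin === "*") {
    // Browsers reject the wildcard for requests that carried cookies.
    return !withCredentials;
  }
  if (allowOrigin !== pageOrigin) return false;
  // Credentialed requests also need an explicit opt-in from the server.
  return !withCredentials || responseHeaders["Access-Control-Allow-Credentials"] === "true";
}
```

Because the wildcard fails for requests sent with cookies, an endpoint that relies on a session cookie needs the allowlist branch rather than `*`.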
