Here we look at how Federated Wiki uses CORS headers to enable cross-origin resource sharing. We are particularly interested to see how using CORS might allow us to play nicely with other applications on the web.
MediaWiki sites such as Wikipedia appear to support cross-origin resource sharing (CORS).
CORS defines a way in which a browser and server can interact to safely determine whether or not to allow the cross-origin request.
When a CORS-compatible browser attempts to make a cross-origin request:
1. When a page from http://www.foo.com attempts to access a user's data in bar.com, the following request header would be sent to bar.com:
2. The server may respond with:
In full, the server may reply with one of the following:
- An Access-Control-Allow-Origin (ACAO) header in its response indicating which origin sites are allowed.
- An error page if the server does not allow the cross-origin request.
- An Access-Control-Allow-Origin (ACAO) header with a wildcard that allows all domains:
Here is an example of a returned wildcard header:
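The exchange described above, written out as an added example (not code from Federated Wiki or MediaWiki): the function takes the `Origin` request header that a page from http://www.foo.com would send to bar.com and returns each of the three replies listed. The function name, the policy object, the 403 status and the lookalike origin are assumptions made for illustration.

```javascript
// Added example: server-side decision for the exchange described above.
// Policy shape and function names are assumptions for illustration.

// policy.mode is 'allowlist' (listed origins only), 'wildcard' (*), or 'deny'.
function corsResponse(requestHeaders, policy) {
  const origin = requestHeaders['origin'];
  // No Origin header: not a cross-origin request, so no CORS headers are needed.
  if (origin === undefined) return { status: 200, headers: {} };

  if (policy.mode === 'wildcard') {
    // Any site may read the response; only appropriate for public data.
    // Browsers do not accept "*" on credentialed requests, so never pair it
    // with Access-Control-Allow-Credentials.
    return { status: 200, headers: { 'Access-Control-Allow-Origin': '*' } };
  }
  if (policy.mode === 'allowlist' && policy.origins.includes(origin)) {
    // Exact string match against a fixed list (no prefix or substring tests).
    // Vary: Origin keeps caches from reusing the response for another origin.
    return {
      status: 200,
      headers: { 'Access-Control-Allow-Origin': origin, 'Vary': 'Origin' },
    };
  }
  // Not allowed: error page with no ACAO header, so the browser blocks the read.
  return { status: 403, headers: {} };
}

// Constructed sample requests using the page's foo.com / bar.com names.
const fromFoo = { host: 'bar.com', origin: 'http://www.foo.com' };
const fromLookalike = { host: 'bar.com', origin: 'http://www.foo.com.example' };
const barPolicy = { mode: 'allowlist', origins: ['http://www.foo.com'] };

function demo() {
  return {
    allowed: corsResponse(fromFoo, barPolicy),
    lookalike: corsResponse(fromLookalike, barPolicy),
    wildcard: corsResponse(fromFoo, { mode: 'wildcard' }),
  };
}
console.log(JSON.stringify(demo(), null, 2));
```

The lookalike origin shares a prefix with the allowed one and is still refused, which is the case a prefix or substring comparison would get wrong.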