Here we look at how Federated Wiki uses CORS headers to enable cross-origin resource sharing. We are particularly interested to see how using CORS might allow us to play nicely with other applications on the web.

CORS is a mechanism that allows restricted resources (e.g. fonts, JavaScript, etc.) on a web page to be requested from another domain outside the domain from which the resource originated - wikipedia

Mediawiki sites such as Wikipedia look like they are able to work with cross-origin resource sharing (CORS).

Once we have IPFS playing nicely with CORS headers, we aim is to have Fedwiki running as a pure Javascript application served by IPFS.

CORS defines a way in which a browser and server can interact to safely determine whether or not to allow the cross-origin request.

Simple example

When a CORS-compatible browser attempts to make a cross-origin request.

1. When a page from attempts to access a user's data in, the following request header would be sent to


2. The server may respond with:


In full the server may reply with either:

  • An Access-Control-Allow-Origin (ACAO) header in its response indicating which origin sites are allowed.
  • An error page if the server does not allow the cross-origin request
  • An Access-Control-Allow-Origin (ACAO) header with a wildcard that allows all domains:

Here is an example of a returned wildcard header:

Access-Control-Allow-Origin: *