Cross-Origin Resources Sharing
What is the problem?
. This is a good idea in principle as it protects you from bad sites hacking your bank account or other relevant data.
Accessing data from public APIs can be done either by JSONP requests (padding JSON, embedded JSON used by a callback method) or making [[
requests. Another possibility is to make requests via a proxy but this requires the client does have a server backend available. This is not the case in Android Apps for example. Anyway, it requires addition configuration of the backend.
CORS is a W3C specification
and is broadly implemented by all new browsers
types. Creating CORS requests on client side mostly means to add an
URL as HTTP Header. If the remote server was configured to allow the client's Origin accessing the server's resources it returns an OK, otherwise the same-origin-policy applies.
We won't repeat HowTos which have already been written. HTML5Rocks supply is a good one
Apache Tomcat since version 7+ provides a CORS filter which can easily configured in a web application's web.xml. See Tomcat's filter documentation
for a detailed description.
There are plenty of other servers which can be configured to handle CORS