Biotechnology for Sustainability - SLU
Banco BPI 2008
In this case, you're not making a cross-origin request; you're just loading data from the same origin as the page. But if you were, you'd need to understand how the CORS headers work: they need to be sent by the remote server as part of the response. You cannot set them as part of the request, since this would bypass their primary purpose. Browsers without CORS can't do cross-origin requests. Before CORS, JSONP was used to circumvent this restriction. JSONP doesn't use XHR, it uses the