image/svg+xml
User Agent
DOM Environment
Web App Resource
hello-world.example
Shared Resource
example.com/hello
(Load)
hello-world.example
GET /helloOrigin: http://hello-world.example
new XMLHttpRequest()
XMLHttpRequest
open("GET","http://example.com/hello")
Access-Control-Allow-Origin: http://hello-world.exampleHello World!
Access Check
Hello World!
The user agent evaluates whetherthe requesting origin is on the shared resource's list of allowedorigins. If so, it allows access tothe resource.