Page content

Cross-Origin Resource Sharing (CORS)

What requests use CORS?

This cross-origin sharing standard can enable cross-site HTTP requests for:

Web Fonts (for cross-domain font usage in @font-face within CSS), so that servers can deploy TrueType fonts that can only be loaded cross-site and used by web sites that are permitted to do so.
WebGL textures.
Images/video frames drawn to a canvas using drawImage().
CSS Shapes from images.

Simple Requests

Some requests don’t trigger a CORS preflight. Those are called simple requests

A simple request is one that meets all the following conditions: on of these Methods

  • GET
  • HEAD
  • POST

Manual Headers

  • Accept
  • Accept-Language
  • Content-Language
  • Content-Type: ( application/x-www-form-urlencoded | multipart/form-data | text/plain )


If the request is made using an XMLHttpRequest object, no event listeners are registered on the object returned by the XMLHttpRequest.upload property used in the request; that is, given an XMLHttpRequest instance xhr, no code has called xhr.upload.addEventListener() to add an event listener to monitor the upload.

No ReadableStream object is used in the request

sha256: 6126842454048a227f1f7533d2200a544afca8d8f35b73a4899020fc834cd34e