Too Long; Didn't Read
Cross-origin resource sharing (CORS) is a mechanism that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served. A web page may freely embed cross-origin images, stylesheets, scripts, iframes, and videos. CORS works by adding HTTP headers to requests and responses that indicate whether the request or response is allowed to access the resources. The same-origin policy is a security measure that prevents a malicious script from accessing resources that the user of the page is not intended to have access to.