CORS Cross-Origin Resource Sharing in English and Sharing source resources is an agreement on how to switch features between browser and server when the browser attempts to access a domain other than the one in which you are browsing.
It is a set of rules, a W3C specification , for what kind of resources can be accessed, and how to limit them. These rules are implemented by browsers / browsers, and it is this (the browser) that limits access.
These rules were imposed for security reasons. To prevent scripts on the page from freely accessing and ordering from other sites and interacting with them.
In the server part the door can be "opened" to one, several or all requests / domains. This implementation is language specific but in the background implies that there are headers present that the browser can read:
Access-Control-Allow-Origin: * // <- aberto para todos
Access-Control-Allow-Origin: http://example.com:8080 http://foo.example.com // <- só estes dois dominios podem aceder
Regarding the error:
XMLHttpRequest can not load link . Response to preflight request does not pass access control check: In 'Access-Control-Allow-Origin' header is present on the requested resource. Origin ' link ' is therefore not allowed access.
When the browser reads in the url for example http: it assumes that it is an external url. In fact http://localhost/ should be interpreted as "same domain" but because of http the browser thinks it is not ... To solve this problem, which also applies in online domains, you should use relative paths, and not absolute with http... etc .
More reading:
. Wikipedia: link
. W3C: link In English
. MDN: link In English
