The Access-Control-Allow-Origin header is part of the Cross-Origin Resource Sharing (CORS) specification, which enables secure cross-site request functionality across the web. Its main purpose is to indicate which origins are allowed to read the resource on a web page.
The syntax for the Access-Control-Allow-Origin header is as follows:
<origin> is a single origin that may access the resource. The * wildcard allows all origins.
There are two primary directives for Access-Control-Allow-Origin:
- <origin>: Specifies an origin. Only a single origin can be specified.
- *: Any origin may access the resource. This might be used with Access-Control-Allow-Credentials, otherwise, the * literal is used in the header.
The following are some examples of how to use Access-Control-Allow-Origin:
- Allowing any site to access your resource.
- Allowing a specific website to access your resource.
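Because the header carries only one origin, a server that serves several sites has to choose the value per request. The sketch below is an added example, not code from the original page: it echoes the request's Origin only on an exact allowlist match, sets Vary: Origin so caches do not mix responses, and never pairs the wildcard with credentials, since browsers reject that combination. The names corsHeaders and ALLOWED_ORIGINS and the example.com origins are assumptions made up for illustration.

```javascript
// Added example: pick the Access-Control-Allow-Origin value for one response.
// ALLOWED_ORIGINS and corsHeaders are hypothetical names; origins are constructed.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://admin.example.com",
]);

function corsHeaders(requestOrigin, { allowAny = false, credentials = false } = {}) {
  const headers = {};

  // Public resource read without credentials: the wildcard is sufficient.
  if (allowAny && !credentials) {
    headers["Access-Control-Allow-Origin"] = "*";
    return headers;
  }

  // From here on the response depends on the Origin request header,
  // so shared caches must key on it.
  headers["Vary"] = "Origin";

  // Exact string comparison only: no prefix, suffix or regex matching,
  // and the literal "null" origin is never on the allowlist.
  // allowAny combined with credentials also lands here, so an arbitrary
  // origin is never reflected alongside Access-Control-Allow-Credentials.
  if (typeof requestOrigin === "string" && ALLOWED_ORIGINS.has(requestOrigin)) {
    headers["Access-Control-Allow-Origin"] = requestOrigin;
    if (credentials) {
      headers["Access-Control-Allow-Credentials"] = "true";
    }
  }

  // Unlisted origin: no Access-Control-Allow-Origin header is sent, so the
  // browser does not expose the response to the calling page.
  return headers;
}
```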
How to modify Access-Control-Allow-Origin header
ModHeader is an extension available for Chrome that allows you to modify and customize HTTP request headers. It can be particularly useful for testing CORS by setting the Access-Control-Allow-Origin header.
Install ModHeader from the Chrome Web Store.
After installing, click on the ModHeader icon in the toolbar, and you will see input fields for 'Request Headers'.
Enter Access-Control-Allow-Origin in the 'Name' field and either * or a specific origin URL, like http://specific.website.com, in the 'Value' field.
Now, whenever Chrome makes a request to a server, it will include this header with the specified value.