What Is... CORS?

Note

This page is intended to give a simple summary of what CORS is. If you require more information or are interacting with CORS in any meaningful way, please refer to the articles linked at the bottom of this page.

Short Answer

CORS is a policy implemented in your browser to block malicious cross-origin requests.

Long Answer

When one website's JavaScript wants to make a request to another website, it talks to the browser, which takes care of actually making the request. Part of this process includes checking whether the request fits within the CORS protocols. See the example below.

Example

JavaScript embedded on example.com asks the browser to fetch the contents of information.example.

The browser sends a GET request to information.example. One of the headers specifies that the request comes from example.com.

If the owners of information.example have configured the website to allow cross-origin requests, the browser will receive a response and pass it on to the JavaScript on example.com.
If the owners of information.example have not configured the website to allow cross-origin requests, the browser will receive a response saying that the request should be blocked. The browser will then tell the JavaScript on example.com that the request is blocked.
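
The exchange above modelled in JavaScript, as an added example that is not part of the original page. It uses the real header names (`Origin` on the request, `Access-Control-Allow-Origin` on the response); the allowlist, function names and response body are assumptions made for the illustration, and the browser check is a simplified model of a plain GET.

```javascript
// Server side (information.example): decide which CORS headers to send.
// ALLOWED_ORIGINS is a constructed allowlist for this example.
const ALLOWED_ORIGINS = new Set(["https://example.com"]);

function corsHeadersFor(requestOrigin, allowed = ALLOWED_ORIGINS) {
  // Vary: Origin keeps shared caches from reusing a response across origins.
  const headers = { "Vary": "Origin" };
  if (requestOrigin && allowed.has(requestOrigin)) {
    // Echo back only an origin that matched the allowlist exactly.
    headers["Access-Control-Allow-Origin"] = requestOrigin;
  }
  return headers; // no Access-Control-Allow-Origin header means "not allowed"
}

// Browser side: once the response arrives, decide whether the page's
// script may read it (hypothetical helper, simplified from real browsers).
function browserAllowsRead(pageOrigin, responseHeaders, withCredentials = false) {
  const allow = responseHeaders["Access-Control-Allow-Origin"];
  if (allow === undefined) return false;
  // A wildcard is not accepted for requests that carry credentials.
  if (allow === "*") return !withCredentials;
  if (allow !== pageOrigin) return false;
  return !withCredentials ||
    responseHeaders["Access-Control-Allow-Credentials"] === "true";
}

// Full exchange: the browser adds the Origin header, the server answers,
// and the browser either hands the body to the script or reports a block.
function crossOriginGet(pageOrigin, allowed) {
  const request = { method: "GET", headers: { Origin: pageOrigin } };
  const response = {
    status: 200, // the server processes the request in both cases
    headers: corsHeadersFor(request.headers.Origin, allowed),
    body: "data", // constructed sample body
  };
  return browserAllowsRead(pageOrigin, response.headers)
    ? { blocked: false, body: response.body }
    : { blocked: true, body: null };
}

console.log(crossOriginGet("https://example.com"));   // allowed origin
console.log(crossOriginGet("https://other.example")); // origin not on the allowlist
```

In this model the server returns status 200 either way; the block is applied by the browser, which withholds the response from the script when the allow header is missing.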

Additional Resources

Educative

Wikipedia

MDN Web Docs