Connecting to 3rd Party API’s with CORS

CORS stands for cross-origin resource sharing and it is an HTML5 feature that allows you to connect to 3rd party API’s without hitting browser security warnings. In the past, you’d usually have to write server-side API wrappers or use JSONP, which only works for reading and isn’t supported by many API’s. Now, with CORS, you can forgo the wrapper and even do things like post, put and delete. I have been walking through HTML5 features, going from left to right on HTML5 Readiness, on my blog and as part of this journey I investigated CORS. In my latest article for the ADC, I take a look at the feature in some detail and discuss browser support in current browser versions. I show some examples of how you can connect to the GitHub API, which is one of a growing number of API’s that support CORS. So please read “Understanding Cross-Origin Resource Sharing (CORS)” and please feel free to share your thoughts on the article.

2 Responses to Connecting to 3rd Party API’s with CORS

  1. Rob V Hepler says:

    Thanks for all the information. I understand all of this (well somewhat); however I am completely frustrated on HOW to implement this on the server side. I believe I need to add a line in WEB.XML as follows:

    Header set Access-Cotrol_allow_Origin “www.mine.edu”

    But that is as far as i get… Can anyone be more specific on how this need to happen? Thanks!

  2. Have you seen this site? http://enable-cors.org/server.html

    It offers implementations specific to each web server.