> For the complete documentation index, see [llms.txt](https://fabco.gitbook.io/dappy-spec/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://fabco.gitbook.io/dappy-spec/sections-specific-to-browser-and-web-applications/cross-origin-resource-sharing-cors.md).

# Cross-origin resource sharing (CORS)

CORS works with HTTP headers sent by servers at the top level navigation. it is poorly understood by developers and often badly implemented. A browser may block requests going to `a.com` if they are initiated by `b.com` or any origin not whitelisted by the `Access-Control-Allow-Origin` header.

Dappy browser sets a `Origin` header on each requests coming from a tab, the server can easily know which website the client was visiting when the request was sent. Restricted actions that require an authentication must be authorized through cookies, headers or the body of the request itself. The server does not need CORS for any of these 3 checks.

Due to the very strong policy on the [name system](/dappy-spec/specs-and-web-standards/name-system.md) and [Content Security Policy](/dappy-spec/sections-specific-to-browser-and-web-applications/content-security-policy-csp.md) at the name system level, we think that this feature does not need to be supported. Headers related to CORS are ignored by the browser.

If you think this is a mistake or have comments, please reach out to us on [discord](https://discord.gg/8Cu5UFV) or by email.

See [Mozilla's documentation on CORS](https://developer.mozilla.org/en/docs/Web/HTTP/CORS)


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://fabco.gitbook.io/dappy-spec/sections-specific-to-browser-and-web-applications/cross-origin-resource-sharing-cors.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
