CORS
Cross Origin Resource Sharing (CORS) is an HTTP-header based mechanism that allows a server to indicate what origins (for example domain names) are allowed to load data from the server. Generally, access to resources that live on third parties is restricted by the browser for security purposes.
Example
When you try to load content from an external source on your website ‘www.example.com’ and no CORS policy is present on the external source, the content will not load and the following error may be raised in your browser console:
Access to XMLHttpRequest at 'http://external-resource/example.png/' from origin 'http://www.example.com’ has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
In other words; Users on www.example.com cannot load assets from http://external-resource because it is not whitelisted by the http://external-resource website.
To be able to load the content on ww.example.com, the http://external-resouce needs to add the “Acess-Control-Allow-Origin: www.example.com” HTTP Header to its responses to make the user’s browser accept and load the file.
Tinify CDN CORS rules
Tinify CDN always includes an ‘Acess-Control-Allow-Origin: *’ so you can load the content without any issue on your website.
