What does these headers mean and what are their functions?

Question

While reading some tutorial I found that

app.use(function(req, res, next) {
   res.header("Access-Control-Allow-Origin", "*");
   res.header('Access-Control-Allow-Methods', 'DELETE, PUT');
   res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
   next();
});

What does every res.header mean? and what are their functions?

They are [CORS headers](http://stackoverflow.com/questions/7067966/how-to-allow-cors) — Suraj Rao, May 09 '17 at 06:35

Egor Stambakio · Accepted Answer · 2017-05-09T06:44:02.633

These headers allow cross-domain access: https://ru.wikipedia.org/wiki/Cross-origin_resource_sharing

Without these headers client scripts are allowed to get data from your server (edited: in your case you specify request types DELETE and PUT) only if their origin is the same (i.e. your client-side html and javascript are loaded from the same domain name). Scripts from different domains will receive an error like 'this origin is not allowed' or something like that.

What does these headers mean and what are their functions?

1 Answers1