CORS problems without restrictions code example

Example 1: javascript cors error

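$.ajax({
    headers: { "Accept": "application/json" },
    type: 'GET',
    url: 'http://cl.ly/2wr4',
    crossDomain: true,
    // Send cookies with the cross-origin request. Setting withCredentials on the
    // jqXHR in beforeSend has no effect; jQuery applies it through xhrFields.
    xhrFields: { withCredentials: true },
    success: function(data, textStatus, request) {
        console.log(data);
    },
    // A response blocked by CORS ends up here; details are in the browser console.
    error: function(request, textStatus, errorThrown) {
        console.error(textStatus, errorThrown);
    }
});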

Example 2: what is cors

"CORS" stands for Cross-Origin Resource Sharing.
It allows you to make requests from one website to another website 
in the browser, which is normally prohibited by another browser policy 
called the Same-Origin Policy (SOP).

Example 3: what is CORS

Use CORS to allow cross-origin access. 
CORS is a part of HTTP that lets servers specify any other hosts 
from which a browser should permit loading of content.

How to block cross-origin access

To prevent cross-origin writes,
    check an unguessable token in the request — known as a Cross-Site Request Forgery (CSRF) token.
    Prevent cross-origin reads of pages that require this token.
To prevent cross-origin reads of a resource,
    ensure that it is not embeddable.
    Prevent embedding because embedding a resource always leaks some information about it.
To prevent cross-origin embeds,
    ensure that your resource cannot be interpreted
    Browsers may not respect the Content-Type header.
    For example, if you point a <script> tag at an HTML document, the browser will try to parse the HTML as JavaScript.
    When your resource is not an entry point to your site, you can also use a CSRF token to prevent embedding.
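
Added example (not part of the original snippets): one way a server can decide the CORS response headers for a credentialed request like the one in Example 1, permitting only named origins instead of every host. The names `ALLOWED_ORIGINS` and `corsHeaders`, the header lists and the example.com / .test origins are assumptions made for illustration.

```javascript
// Added example: server-side CORS decision for credentialed requests.
// ALLOWED_ORIGINS and corsHeaders() are hypothetical names, not from the page.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",   // constructed sample origins
  "https://admin.example.com",
]);

// Returns the CORS response headers for a request. When the origin is not
// allowlisted only "Vary" is returned, so the browser blocks the cross-origin read.
function corsHeaders(method, requestHeaders) {
  const origin = requestHeaders["origin"];
  // Vary: Origin keeps shared caches from replaying one origin's answer to another.
  const headers = { "Vary": "Origin" };
  if (!origin || !ALLOWED_ORIGINS.has(origin)) {
    return headers; // exact match only: no substring or regex match, no "null" origin
  }
  // A credentialed request (withCredentials = true) is rejected by the browser
  // when this header is "*", so echo the single validated origin instead.
  headers["Access-Control-Allow-Origin"] = origin;
  headers["Access-Control-Allow-Credentials"] = "true";
  // Preflight: an OPTIONS request carrying Access-Control-Request-Method.
  if (method === "OPTIONS" && requestHeaders["access-control-request-method"]) {
    headers["Access-Control-Allow-Methods"] = "GET, POST";
    headers["Access-Control-Allow-Headers"] = "Accept, Content-Type, X-CSRF-Token";
    headers["Access-Control-Max-Age"] = "600";
  }
  return headers;
}

// Constructed sample requests (header names lower-cased, as Node's http module delivers them).
const samples = [
  ["GET", { origin: "https://app.example.com" }],
  ["GET", { origin: "https://app.example.com.lookalike.test" }],
  ["OPTIONS", { origin: "https://admin.example.com", "access-control-request-method": "POST" }],
  ["GET", { origin: "null" }],
];
for (const [method, h] of samples) {
  console.log(method, h.origin, "->", JSON.stringify(corsHeaders(method, h)));
}
```

CORS headers only control which origins may read a response; state-changing requests still need the CSRF token check described above.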