response cors code example

Example 1: what is cors

“CORS” stands for Cross-Origin Resource Sharing. 
It allows you to make requests from one website to another website 
in the browser, which is normally prohibited by another browser policy 
called the Same-Origin Policy (SOP).

Example 2: what is CORS

Use CORS to allow cross-origin access. 
CORS is a part of HTTP that lets servers specify any other hosts 
from which a browser should permit loading of content.

How to block cross-origin access
To prevent cross-origin writes, 
	check an unguessable token in the request — known as a Cross-Site Request Forgery (CSRF) token. 
    prevent cross-origin reads of pages that require this token.
To prevent cross-origin reads of a resource, 
	ensure that it is not embeddable.
    prevent embedding because embedding a resource always leaks some information about it.
To prevent cross-origin embeds, 
	ensure that your resource cannot be interpreted
    Browsers may not respect the Content-Type header. 
For example, if you point a <script> tag at an HTML document, the browser will try to parse the HTML as JavaScript. When your resource is not an entry point to your site, you can also use a CSRF token to prevent embedding.

Example 3: conflict paypal api javascript with user agent Mozilla/5.0 Google

//You must to update the PayPal script to the new URL with SDK
//all documentation with the upgrade in
//https://developer.paypal.com/docs/checkout/reference/upgrade-integration/
<script src="https://www.paypal.com/sdk/js?client-id=YOUR_CLIENT_ID"></script>