Basically getting resources from a different origin.
It is an HTTP-header based mechanism that allows a server to indicate any other origins than its own from which a browser should permit loading of resources
CORS defines a way for client web applications that are loaded in one domain to interact with resources in a different domain.
CORS also relies on a mechanism by which browsers make a “preflight” request to the server hosting the cross-origin resource, in order to check that the server will permit the actual request.
In that preflight, the browser sends headers that indicate the HTTP method and headers that will be used in the actual request.
With CORS support, you can build rich client-side web applications with S3 and selectively allow cross-origin access to your S3 resources.
For example, you are hosting a website in an Amazon S3 bucket named website.
Your users load the website endpoint:
For example, you want to host a web font from your S3 bucket.
Again, browsers require a CORS check (also called a preflight check) for loading web fonts.
You would configure the bucket that is hosting the web font to allow any origin to make these requests.
The CORS header has to be defined at the Cross-Origin bucket; not the source bucket.