A detailed explanation can be found on my blog
In order to run the examples:
- Install node.
- Execute npm install in the root folder of the project (where the package.json file is located). This will install all the required dependencies.
- Execute run_servers.bat in one of the subfolders, this will start 2 web servers with a different origin (the port numbers differ).
- Use your browser to navigate to localhost:3000. The web pages will perform cross-domain requests on page load.
- Inspect the results in your browser window and in the server consoles.
The project illustrates the following scenarios:
- CrossDomainNotAllowedByDefault: Demonstrates failing cross-origin requests.
- JSONP: Demonstrates a simple cross-origin GET request with a server that supports JSONP.
- Proxy: Demonstrates a work-around for cross-origin requests by having a local proxy server in the same domain.
- CORS: Demonstrates a whitelist approach servers can use to allow cross-origin requests.
- iframe and postMessage: demonstrates a sandboxed client-side proxy mechanism using window.postMessage and iframes. Note that this approach can also be used with other cross-domain request techniques to limit potential security leaks.
The examples are written in express, a web application framework for node.js and some jQuery on the client.