There are plenty of resources online that covers the same-origin policy so I will not go into details here. If interested, I highly recommend reading Google’s Browser Security Handbook. Cross-Origin Resource Sharing (CORS) specification enables client-side open access across domain-boundaries generally restricted by same-origin policy. At a high-level, CORS allows client to opt-in to resources other than from same-origin. There are plenty of use cases where you need to share resources cross-origin. For example, Amazon may work with Facebook to leverage your friends’ feedbacks/recommendations while you browse through their products. If such service did exist, Amazon would opt-in to a CORS-enabled Facebook service. Echo ServiceI’ve…