Here we look at how Federated Wiki uses CORS headers to enable cross-origin resource sharing. We are particularly interested to see how using CORS might allow us to play nicely with other applications on the web.
CORS is a mechanism that allows restricted resources (e.g. fonts, JavaScript, etc.) on a web page to be requested from another domain outside the domain from which the resource originated - Wikipedia
MediaWiki sites such as Wikipedia look like they are able to work with cross-origin resource sharing (CORS).
Once we have IPFS playing nicely with CORS headers, our aim is to have Fedwiki running as a pure JavaScript application served by IPFS.
CORS defines a way in which a browser and server can interact to safely determine whether or not to allow the cross-origin request.
Simple example
When a CORS-compatible browser attempts to make a cross-origin request, the exchange looks like this:
1. When a page from http://www.foo.com attempts to access a user's data in bar.com, the following request header would be sent to bar.com:
Origin: http://www.foo.com
2. The server may respond with:
Access-Control-Allow-Origin: http://www.foo.com
In full, the server may reply with one of the following:
- An Access-Control-Allow-Origin (ACAO) header in its response indicating which origin sites are allowed.
- An error page if the server does not allow the cross-origin request.
- An Access-Control-Allow-Origin (ACAO) header with a wildcard that allows all domains:
Here is an example of a returned wildcard header:
Access-Control-Allow-Origin: *
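The exchange above, written out as an added example in JavaScript (not Federated Wiki's own code). The names serverReply and browserAllows, the policy shape and the sample origins are assumptions built on the foo.com / bar.com example; origins are compared by exact string match, so a different scheme or a lookalike host gets no ACAO header.

```javascript
// Added example: both sides of the CORS exchange described above.
// Names (serverReply, browserAllows, the policy shape) are hypothetical.

// Server side: decide what to send back for a given Origin request header.
// policy is either "*" (allow all origins) or an array of exact allowed origins.
function serverReply(originHeader, policy) {
  if (policy === "*") {
    return { status: 200, headers: { "Access-Control-Allow-Origin": "*" } };
  }
  if (originHeader && policy.includes(originHeader)) {
    return {
      status: 200,
      headers: {
        "Access-Control-Allow-Origin": originHeader,
        // The response differs per origin, so caches must key on it.
        "Vary": "Origin",
      },
    };
  }
  // Origin not allowed: error page, no ACAO header.
  return { status: 403, headers: {} };
}

// Browser side: the page may read the response only if ACAO is the wildcard
// or matches the requesting origin exactly (scheme, host and port).
function browserAllows(pageOrigin, reply) {
  const acao = reply.headers["Access-Control-Allow-Origin"];
  return acao === "*" || acao === pageOrigin;
}

// Constructed sample origins, following the foo.com / bar.com example.
const allowlist = ["http://www.foo.com"];
const cases = [
  ["http://www.foo.com", allowlist],              // listed origin
  ["http://www.foo.com.lookalike.example", allowlist], // shares a prefix only
  ["https://www.foo.com", allowlist],             // different scheme
  ["http://anything.example", "*"],               // wildcard policy
];
for (const [origin, policy] of cases) {
  const reply = serverReply(origin, policy);
  console.log(origin, "->", reply.status, reply.headers,
              "readable:", browserAllows(origin, reply));
}
```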