Cross-Origin Resource Sharing
Cross-Origin Resource Sharing
Method of performing XMLHttpRequests across domains
Spec | https://fetch.spec.whatwg.org/#http-cors-protocol |
---|---|
Status | WHATWG Living Standard |
IE | Edge | Firefox | Chrome | Safari | Opera |
---|---|---|---|---|---|
57 | 62 | ||||
56 | 61 | TP (3) | 48 | ||
16 | 55 | 60 | 11 (3) | 47 | |
11 | 15 | 54 | 59 | 10.1 (3) | 46 |
10 (1) | 14 | 53 | 58 | 10 (3) | 45 |
9 (2) | 13 | 52 | 57 | 9.1 (3) | 44 |
8 (2) | 12 | 51 | 56 | 9 (3) | 43 |
Show all | |||||
7 | 50 | 55 | 8 (3) | 42 | |
6 | 49 | 54 | 7.1 (3) | 41 | |
5.5 | 48 | 53 | 7 (3) | 40 | |
47 | 52 | 6.1 (3) | 39 | ||
46 | 51 | 6 (3) | 38 | ||
45 | 50 | 5.1 (1,3) | 37 | ||
44 | 49 | 5 (1,3) | 36 | ||
43 | 48 | 4 (1,3) | 35 | ||
42 | 47 | 3.2 | 34 | ||
41 | 46 | 3.1 | 33 | ||
40 | 45 | 32 | |||
39 | 44 | 31 | |||
38 | 43 | 30 | |||
37 | 42 | 29 | |||
36 | 41 | 28 | |||
35 | 40 | 27 | |||
34 | 39 | 26 | |||
33 | 38 | 25 | |||
32 | 37 | 24 | |||
31 | 36 | 23 | |||
30 | 35 | 22 | |||
29 | 34 | 21 | |||
28 | 33 | 20 | |||
27 | 32 | 19 | |||
26 | 31 | 18 | |||
25 | 30 | 17 | |||
24 | 29 | 16 | |||
23 | 28 | 15 | |||
22 | 27 | 12.1 | |||
21 | 26 | 12 | |||
20 | 25 | 11.6 | |||
19 | 24 | 11.5 | |||
18 | 23 | 11.1 | |||
17 | 22 | 11 | |||
16 | 21 | 10.6 | |||
15 | 20 | 10.5 | |||
14 | 19 | 10.0-10.1 | |||
13 | 18 | 9.5-9.6 | |||
12 | 17 | 9 | |||
11 | 16 | ||||
10 | 15 | ||||
9 | 14 | ||||
8 | 13 | ||||
7 | 12 (1) | ||||
6 | 11 (1) | ||||
5 | 10 (1) | ||||
4 | 9 (1) | ||||
3.6 | 8 (1) | ||||
3.5 | 7 (1) | ||||
3 | 6 (1) | ||||
2 | 5 (1) | ||||
4 (1) |
iOS Safari | Opera Mini | Android Browser | Blackberry Browser | Opera Mobile | Android Chrome | Android Firefox | IE Mobile | Android UC Browser | Samsung Internet | QQ Browser | Baidu Browser |
---|---|---|---|---|---|---|---|---|---|---|---|
11 (3) | |||||||||||
10.3 (3) | all | 56 | 10 | 37 | 59 | 54 | 11 | 11.4 | 5 | 1.2 | 7.12 |
10.0-10.2 (3) | 4.4.3-4.4.4 | 7 (1) | 12.1 | 10 (1) | 4 | ||||||
9.3 (3) | 4.4 | 12 | |||||||||
9.0-9.2 (3) | 4.2-4.3 (1) | 11.5 | |||||||||
Show all | |||||||||||
8.1-8.4 (3) | 4.1 (1) | 11.1 | |||||||||
8 (3) | 4 (1) | 11 | |||||||||
7.0-7.1 (3) | 3 (1) | 10 | |||||||||
6.0-6.1 (3) | 2.3 (1) | ||||||||||
5.0-5.1 (1,3) | 2.2 (1) | ||||||||||
4.2-4.3 (1,3) | 2.1 (1) | ||||||||||
4.0-4.1 (1,3) | |||||||||||
3.2 (1,3) |
Notes
Does not support CORS for images in
<canvas>
Supported somewhat in IE8 and IE9 using the XDomainRequest object (but has limitations)
Does not support CORS for
<video>
in<canvas>
: https://bugs.webkit.org/show_bug.cgi?id=135379
Bugs
IE10+ does not send cookies when withCredential=true (IE Bug #759587). A workaround is to use a P3P policy
IE10+ does not make a CORS request if port is the only difference (IE Bug #781303)
Android and some old versions of WebKit (that may be found in various webview implementations) do not support Access-Control-Expose-Headers: https://code.google.com/p/android/issues/detail?id=56726
IE11 does not appear to support CORS for images in the
canvas
element
Resources
- Mozilla Hacks blog post
- Alternative implementation by IE8
- DOM access using CORS
- has.js test
- Mozilla Developer Network (MDN) documentation - Access control CORS
Data by caniuse.com
Licensed under the Creative Commons Attribution License v4.0.
http://caniuse.com/#feat=cors