Resources Web Security

CORS cross origin resource sharing links and resources for developers

CORS Cross origin resource sharing allows you to decide if a script from a domain other than your website/app can access data aka make AJAX calls etc. to your server. For your frontend API you probably want to limit the origin to just your domain. For a developer API you probably want to allow all origins.

CORS for Developers by W3C – explains CORS for developers in clear wording

Configuring play framework 2.8 CORS filter