Is CORS a secure way to do cross-domain AJAX requests?

天涯浪人 2020-11-27 11:10

After reading about CORS (Cross-Origin Resource Sharing), I don't understand how it improves security. Cross-Domain AJAX communication is allowed if the correct ORIGIN head

6 answers
  •  感情败类
    2020-11-27 11:39

    The purpose is to prevent this -

    • You go to website X
    • The author of website X has written an evil script which gets sent to your browser
    • That script running on your browser logs onto your bank website and does evil stuff and because it's running as you in your browser it has permission to do so.

    The idea is that your bank's website needs some way to tell your browser if scripts on website X should be trusted to access pages at your bank.
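
The exchange this answer describes, as an added example that is not part of the original post: the bank's server sends CORS headers only for allowlisted origins, and a simplified model of the browser's check decides whether a script may read the response. The host names, the allowlist and the function names are assumptions made for illustration.

```javascript
// Added example. bank.example, website-x.example and all function names are assumed.
const ALLOWED_ORIGINS = new Set(["https://www.bank.example"]); // constructed allowlist

// Server side (the bank): choose the CORS headers for a request's Origin header.
function corsHeadersFor(origin) {
  const headers = { Vary: "Origin" }; // caches must not reuse a response across origins
  if (origin && ALLOWED_ORIGINS.has(origin)) {
    // Exact match against the allowlist; the Origin value is never blindly reflected.
    headers["Access-Control-Allow-Origin"] = origin;
    headers["Access-Control-Allow-Credentials"] = "true";
  }
  return headers; // no Allow-Origin header: the browser withholds the response
}

// Browser side: simplified model of the check applied before a cross-origin
// script is allowed to read a response.
function browserAllowsRead(pageOrigin, responseHeaders, withCredentials) {
  const acao = responseHeaders["Access-Control-Allow-Origin"];
  if (acao === undefined) return false;
  if (withCredentials) {
    // With cookies attached, "*" is rejected and the credentials flag is mandatory.
    return acao === pageOrigin &&
      responseHeaders["Access-Control-Allow-Credentials"] === "true";
  }
  return acao === "*" || acao === pageOrigin;
}

// Both halves together: may a script on pageOrigin read the bank's response?
function canScriptReadBank(pageOrigin, withCredentials = true) {
  return browserAllowsRead(pageOrigin, corsHeadersFor(pageOrigin), withCredentials);
}
```

The check governs whether the script may read the response; simple cross-origin requests are still sent, so state-changing endpoints need their own CSRF protection.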
