After reading about CORS (Cross-Origin Resource Sharing), I don't understand how it improves security. Cross-Domain AJAX communication is allowed if the correct ORIGIN head
The purpose of the same origin policy isn't to stop people from accessing website content generally; if somebody wants to do that, they don't even need a browser. The point is to stop client scripts accessing content on another domain without the necessary access rights. See the Wikipedia entry for Same Origin Policy.
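
The distinction drawn in the answer above can be modelled in a few lines. This is an added example, not part of the original question or answer: a simplified model (no preflight) of the server choosing its CORS headers and of the browser deciding whether a script may read the response. The origins, the allow-list and the function names are constructed for illustration.

```javascript
// Constructed allow-list: the only foreign origin this API trusts.
const ALLOWED_ORIGINS = new Set(["https://app.example.com"]);

// Server side: choose CORS response headers from the request's Origin header.
// The server still builds and sends the response body either way.
function corsHeaders(requestOrigin) {
  const headers = {};
  if (requestOrigin && ALLOWED_ORIGINS.has(requestOrigin)) {
    headers["Access-Control-Allow-Origin"] = requestOrigin;
    headers["Access-Control-Allow-Credentials"] = "true";
    headers["Vary"] = "Origin"; // keep caches from reusing this for other origins
  }
  return headers;
}

// Browser side: may a script running on pageOrigin read the response?
function scriptMayRead(pageOrigin, targetOrigin, responseHeaders, withCredentials) {
  if (pageOrigin === targetOrigin) return true; // same origin: no CORS check
  const acao = responseHeaders["Access-Control-Allow-Origin"];
  if (acao === undefined) return false; // no opt-in: the script gets an error
  if (withCredentials) {
    // A wildcard is not accepted when cookies or HTTP auth are sent.
    return acao === pageOrigin &&
      responseHeaders["Access-Control-Allow-Credentials"] === "true";
  }
  return acao === "*" || acao === pageOrigin;
}

// A non-browser client (curl, a script) applies no such check at all,
// which is why CORS is not an access control for the content itself.
function nonBrowserClientMayRead(_responseHeaders) {
  return true;
}

const api = "https://api.example.com";
for (const page of ["https://app.example.com", "https://other.example.net"]) {
  const allowed = scriptMayRead(page, api, corsHeaders(page), true);
  console.log(`${page} -> script may read: ${allowed}`);
}
```

The server-side allow-list only controls what browsers expose to page scripts; anything that must stay private still needs authentication and authorization on the server.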