You all know the same-origin policy. And you have all probably heard about JSONP. But there is a better way: CORS. With OAuth, OpenID, and applications opening up JSON-based endpoints, your browser is the perfect place to combine data into new apps – less server-side programming needed. CORS allows you to have your web apps talk directly and securely to any server, not just the origin. It is relatively simple to use, with a few tricks and gotchas. Let me show you how it works and how it can be set up (warning: some servers will be hurt).