How W3C CORS and APIs work?
Key concept:
The web page viewed by the user integrates cross-origin content [without
use of iframes]. API requests are made directly from the user's browser.
Because API response is coming from a different domain than the web page
content it is subject to a cross domain browser policy. The browser sets
"Origin" HTTP header on the API request. If the domain of the site is
authorized to use API content, the API server sets
"Access-Control-Allow-Origin" HTTP response header. If the "Origin" and
"Access-Control-Allow-Origin" response headers match then browser allows
content integration and interaction on the same page.
Client-side content rendering using CORS Elsevier APIs:
Client side rendering model is based on browser capability of applying
XSLT transformation to API response in application/xml format. As shown
in
API search examples
, content of the web page combines search form and search results as
being rendered by the browser based on API response and given
correspoding xslt file. Here is how this model can be applied for 3rd
party sites:
Note:
Please do not forget that in order to leverage CORS functionality you
will need to provide authorized domains to be associated with you API
key. By default we add your website URL to the CORS domain list associated
with your API key. You can add additional domains or modify existing domains
through the 'Modify API key settings' page.
