What is CORS?and more into CORS...

When does CORS Problem happens?

Problem happens for CORS only when the client is a browser.

How Client ensures it is safe to send the request of specific method,header,authorization etc,. ?

It will first send HTTP verb as Options and know what are all the allowed methods,headers etc,.This is called Preflighted request.

Server sending CORS headers:

This is second part.The server sends the CORS headers  in the response to the client asking the browser to relax for the methods,headers etc, coming in the response.As long as the browser supports CORS, these headers signal to the browser that it's okay to "relax" its same-origin policy, allowing the cross-origin API call to succeed.

Preflighted requests

Unlike simple requests (discussed above), "preflighted" requests first send an HTTP request by theOPTIONS method to the resource on the other domain, in order to determine whether the actual request is safe to send.  Cross-site requests are preflighted like this since they may have implications to user data.  In particular, a request is preflighted if:

·        It uses methods other than GET, HEAD or POST.  Also, if POST is used to send request data with a Content-Type other than application/x-www-form-urlencoded, multipart/form-data, ortext/plain, e.g. if the POST request sends an XML payload to the server using application/xmlor text/xml, then the request is preflighted.

·        It sets custom headers in the request (e.g. the request uses a header such as X-PINGOTHER)

 REF: REF: https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS

http://docs.apigee.com/api-services/content/adding-cors-support-api-proxy 

Taking Digital Turn...

I am into API Management Technologies now..So,exploring into the concepts of it.
I will be sharing the knowledge I gained through learning the API Management concepts and tools.
Please feel free to contact me or add more information to the posts if you have more information about the topics I post and also share your feedback.