Web follows same-origin policy. User-agent tries to protect the
interaction between multiple origin. If you want to learn more about
the origin, you should read the specification.
Early web always tries to interact only with the same domain.
Nowadays web tries to interact with multiple web sites.
When we learn about Cross domain requests in web, we tend to
see many specifications.
As a web developer we always tries to understand the differences/similarities
between these specifications. I tried to google it for that
but i didn’t get the exact information that helps me to fill that gap.
To put it blindly…
XMLHttpRequest Level 1 and Level 2 are API specification
CORS is an general specification for Cross domain requests.
So how XMLHttpRequest Level 1 and Level 2 are different ?
With XMLHttpRequest Level 1 API we can make only same-origin requests.
With XMLHttpRequest Level 2 API we can make both same-origin and Cross-domain requests.
CORS enables XMLHttpRequest Level 2 API to make cross-domain requests.