This was originally posted on the SHIFT developers blog. First off - what is CORS? CORS is a means of allowing cross site requests. You can read up in lengthy detail on it’s features here. Simply put, it lets you be on one domain, and perform XMLHttpRequests to another, which is normally not allowed due to the Same Origin Policy. The domains that may hit your server must be specified in your configuration.