JavaScript clients

JavaScript clients commonly need to interact with REST APIs. However, web browsers sandbox scripts under the same-origin policy, also known as the same-domain policy. It prevents a JavaScript client from accessing resources that do not come from its own origin. Two resources share an origin when the scheme, host, and port components of their URIs match. Browsers impose the same-origin policy to prevent confidential user data from leaking.

However, in most cases the REST API needs to give its JavaScript clients multi-origin read/write access, and we will see how the following rules enable such flexibility:

  • Support multi-origin read access with JSON with padding (JSONP) from JavaScript
  • Support cross-origin resource sharing (CORS) to provide multi-origin read/write access from JavaScript
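The origin comparison and the CORS rule described above, as an added example that is not from the book: `sameOrigin` applies the scheme/host/port test, and `corsHeaders` shows how an API can answer a request's `Origin` header from a fixed allowlist. The function names and the `example.com` origins are hypothetical, constructed for illustration.

```javascript
// Origins the API agrees to serve cross-origin (constructed sample values).
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://admin.example.com:8443",
]);

// Reduce a URL to its origin: scheme + host + port (default ports are dropped).
function originOf(url) {
  try {
    const o = new URL(url).origin;
    return o === "null" ? null : o; // opaque origins (file:, data:) never match
  } catch {
    return null; // unparseable input has no origin
  }
}

// The browser's same-origin test: all three components must be equal.
function sameOrigin(a, b) {
  const oa = originOf(a);
  return oa !== null && oa === originOf(b);
}

// Server side of CORS: choose response headers for a request's Origin header.
function corsHeaders(requestOrigin, method = "GET") {
  const origin = originOf(requestOrigin || "");
  // Exact match against the allowlist; an arbitrary Origin is never echoed back.
  if (origin === null || origin !== requestOrigin || !ALLOWED_ORIGINS.has(origin)) {
    return {}; // no CORS headers: the browser blocks the cross-origin read
  }
  const headers = {
    "Access-Control-Allow-Origin": origin,
    "Vary": "Origin", // caches must not reuse this response for another origin
  };
  if (method === "OPTIONS") { // preflight sent before cross-origin writes
    headers["Access-Control-Allow-Methods"] = "GET, POST, PUT, DELETE";
    headers["Access-Control-Allow-Headers"] = "Content-Type, Authorization";
  }
  return headers;
}
```

Returning the single matched origin with `Vary: Origin`, rather than `*` or a reflected header value, keeps the multi-origin access limited to the clients the API actually intends to serve.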
