In the context of a HTML CID client, any interact step operated with the regular web transport imply cross-origin requests. The server must enable CORS requests according to the manifest definition.
Enable CORS request
The server must specify the source location from where it can be loaded. In the CID context, the CID server must accept CORS requests from the client URL. To do this, the server must include a Access-Control-Allow-Origin field in the response header with the URL of the client as value.
Enable POST or PUT HTTP messages
To enable other request than the classic HTTP GET, the CID server must respond to a HTTP OPTION request with Access-Control-Allow-Methods field in the header and GET, POST, PUT as value.
Enable the use of specific header
To enable the use of specific headers between client and server, the CID server must respond to a HTTP OPTION request with Access-Control-Allow-Headers field in the header and the name of the specific headers as value.