For security reasons browsers prohibit AJAX calls to resources residing outside the current origin. This means you under the current settings, you can't provide a service exposed by a Web API to some other origin. However, at times you might want to allow a legitimate origin to access a resource. This is where Cross Origin Resource Sharing (CORS) specifications come into the picture. While there are other ways to enable CORS at the web application level, the ASP.NET Web API takes CORS support a step further through certain attributes. Using these attribute you can fine tune CORS at the global level, controller level or individual action level. This article discusses how this support can be used in your applications.