Page History
...
By proxying the runtime requests, the theme and the backend share the same origin, so XHR-requests from theme to runtime are allowed by the default browser security policy.
Suitable webservers web servers include, but are not limited to nginx, Apache httpd and IIS.
...
Overview
Content Tools