By default, ToroPHP can't work out of the box in Cross-origin resource sharing (CORS) mechanism.
This is a scenario possibly seen using ToroPHP for some quick development in small projects as a RESTful API backend.

One issue would be "Origin is not allowed" error when Ajax interacts with the API built upon ToroPHP at a different server.

Solution to this is to have Access-Control-Allow-Origin header present, and having value of either the requesting server ip/domain, or a wildcard *

One issue would be preflight OPTIONS request from requests other than GET and POST, so like PUT, DELETE etc. So currently without modifying the framework, those will fail, as the ajax will first expecting a response of OPTIONS before the actual PUT/DELETE etc request.

I would propose to add into the Toro.php an option (a boolean variable) to enable CORS, upon enabling should respond to all requests at least the following headers,

• Access-Control-Allow-Origin
• Access-Control-Allow-Methods
  (there are a few more, x-ref Wikipedia, but at least these two should be there for it to work)

Please let me know if I should proceed to attempt this feature. Let me know what you guys think.

Relavent resources
Wikipedia:Cross-origin resource sharing
Using CORS - HTML5 Rocks