From a93fdf4d90c87faf7e697feee418cfff30a16552 Mon Sep 17 00:00:00 2001 From: Henrik Nilsson Date: Tue, 8 Oct 2019 09:08:43 +0200 Subject: [PATCH] Update article.md --- 5-network/05-fetch-crossorigin/article.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/5-network/05-fetch-crossorigin/article.md b/5-network/05-fetch-crossorigin/article.md index f5a5f663..efef4431 100644 --- a/5-network/05-fetch-crossorigin/article.md +++ b/5-network/05-fetch-crossorigin/article.md @@ -20,7 +20,7 @@ Cross-origin requests -- those sent to another domain (even a subdomain) or prot That policy is called "CORS": Cross-Origin Resource Sharing. -## Why CORS is needed? A brief history +## Why is CORS needed? A brief history CORS exists to protect the internet from evil hackers. @@ -95,7 +95,7 @@ That works, and doesn't violate security, because both sides agreed to pass the After a while, networking methods appeared in browser JavaScript. -At first, cross-origin requests were forbidden. But as a result of long discussions, cross-origin requests were allowed, but any new capabilities unless require an explicit allowance by the server, expressed in special headers. +At first, cross-origin requests were forbidden. But as a result of long discussions, cross-origin requests were allowed, but with any new capabilities requiring an explicit allowance by the server, expressed in special headers. ## Simple requests 
@@ -341,7 +341,7 @@ Access-Control-Allow-Origin: https://javascript.info Access-Control-Allow-Credentials: true ``` -Please note: `Access-Control-Allow-Origin` is prohibited from using a star `*` for requests with credentials. Like shown above, there must be exactly the origin there. That's an additional safety measure, to ensure that the server really knows who it trusts to make such requests. +Please note: `Access-Control-Allow-Origin` is prohibited from using a star `*` for requests with credentials. Like shown above, it must provide the exact origin there. That's an additional safety measure, to ensure that the server really knows who it trusts to make such requests. ## Summary
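Review bot: In the first hunk (`@@ -20,7 +20,7 @@`), rewording the heading to `## Why is CORS needed? A brief history` will also change the section anchor if the site derives anchors from heading text. Check for links elsewhere in the tutorial that point at the old heading's anchor before merging, and update them in this same patch if there are any.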
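Review bot: In the second hunk (`@@ -95,7 +95,7 @@`), the new sentence still reads awkwardly because it chains "But as a result of long discussions, ... were allowed, but with any new capabilities ...", two contrasts in one sentence. Dropping the second "but" fixes it, for example: "But as a result of long discussions, cross-origin requests were allowed, with any new capabilities requiring an explicit allowance by the server, expressed in special headers." That keeps the point that matters for readers: new capabilities are granted only by explicit server opt-in through headers.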
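Review bot: In the third hunk (`@@ -341,7 +341,7 @@`), the replacement "Like shown above, it must provide the exact origin there" leaves "it" and "there" without clear referents, and "Like shown above" is still ungrammatical. Since this sentence states the rule that a credentialed response may not use `*`, it is worth making it unambiguous, for example: "As shown above, the header must contain the exact origin." The following sentence about the server knowing who it trusts can stay as is.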