Update article.md

5-network/05-fetch-crossorigin/article.md

@@ -20,7 +20,7 @@ Cross-origin requests -- those sent to another domain (even a subdomain) or prot
 
 That policy is called "CORS": Cross-Origin Resource Sharing.
 
-## Why CORS is needed? A brief history
+## Why is CORS needed? A brief history
 
 CORS exists to protect the internet from evil hackers.
 
@@ -95,7 +95,7 @@ That works, and doesn't violate security, because both sides agreed to pass the
 
 After a while, networking methods appeared in browser JavaScript.
 
-At first, cross-origin requests were forbidden. But as a result of long discussions, cross-origin requests were allowed, but any new capabilities unless require an explicit allowance by the server, expressed in special headers.
+At first, cross-origin requests were forbidden. But as a result of long discussions, cross-origin requests were allowed, but with any new capabilities requiring an explicit allowance by the server, expressed in special headers.
 
 ## Simple requests
 
@@ -341,7 +341,7 @@ Access-Control-Allow-Origin: https://javascript.info
 Access-Control-Allow-Credentials: true
 ```
 
-Please note: `Access-Control-Allow-Origin` is prohibited from using a star `*` for requests with credentials. Like shown above, there must be exactly the origin there. That's an additional safety measure, to ensure that the server really knows who it trusts to make such requests.
+Please note: `Access-Control-Allow-Origin` is prohibited from using a star `*` for requests with credentials. Like shown above, it must provide the exact origin there. That's an additional safety measure, to ensure that the server really knows who it trusts to make such requests.
 
 ## Summary