Tuesday, August 2, 2011

Same-origin policy..

The same origin policy requires that the protocol, port, and host are the same for both pages.  Otherwise, Firefox apparently "preflights" the HTTP request:

https://developer.mozilla.org/en/HTTP_access_control

https://developer.mozilla.org/en/Same_origin_policy_for_JavaScript


Mozilla considers two pages to have the same origin if the protocol, port (if one is specified), and host are the same for both pages. The following table gives examples of origin comparisons to the URL http://store.company.com/dir/page.html:
URLOutcomeReason
http://store.company.com/dir2/other.htmlSuccess 
http://store.company.com/dir/inner/another.htmlSuccess 
https://store.company.com/secure.htmlFailureDifferent protocol
http://store.company.com:81/dir/etc.htmlFailureDifferent port
http://news.company.com/dir/other.htmlFailureDifferent host

No comments:

Post a Comment