About
A request is a same-origin request if:
- the request’s origin
- and the origin of request’s current url page
are the same.
A request that is not a same-origin request is called a cross origin request.
Rules
Two HTTP requests have not the same origin if the URIs have:
- A different domain (for example, from example.com to datacadamia.com)
- A different subdomain (for example, from example.com to petstore.example.com)
- A different port (for example, from example.com to example.com:10777)
than the actual loaded page.
In other words, Two HTTP requests have not the same origin when the URIs have the:
Example
same origin
Example: All of the following resources have the same origin
not the same origin
Management
Same Origin Policy
User agents (such as browser) commonly apply same-origin restrictions to network requests. See Same-Origin Policy.
Algorithm
Two origins are said to be the same origin if the algorithm returns true.