HTTP - Same Origin Request

HTTP - Same Origin Request

About

A request is a same-origin request if:

the request’s origin
and the origin of request’s current url page

are the same.

A request that is not a same-origin request is called a cross origin request.

Rules

Two HTTP requests have not the same origin if the URIs have:

A different domain (for example, from example.com to datacadamia.com)
A different subdomain (for example, from example.com to petstore.example.com)
A different port (for example, from example.com to example.com:10777)
A different protocol (for example, from https://example.com to http://example.com)

than the actual loaded page.

In other words, Two HTTP requests have not the same origin when the URIs have the:

same scheme,
same host and port components (ie endpoint)

Example

same origin

Example: All of the following resources have the same origin

not the same origin

Management

Same Origin Policy

User agents (such as browser) commonly apply same-origin restrictions to network requests. See Same-Origin Policy.

Algorithm

Two origins are said to be the same origin if the algorithm returns true.

Recommended Pages

Web Resource - Origin

Web Resource - Origin About The origin is a property of a resource that is used as the scope of privilege for scripts used by user agents (browser) The origin is calculated and set by the browser ( "...

HTTP - Origin Server (Header Field)

HTTP - Origin Server (Header Field) About The Origin header is: * a header field * added to a request * by the browser (ie client) * with the origin value * that indicate the source of "...

Browser - Cross Origin Resource Sharing (CORS)

What is Cross Origin Resource Sharing (CORS) ? Cross-origin resource sharing (CORS) is a protocol that describes how cross-origin requests should be executed by the browser. This mechanism/protocol i "...

Browser - Web API - Fetch function

API The fetch function is part of the web api function and is a AJAX call. It's one of the possibilities to fetch a resource. XMLHttpRequest (XHR) The fetch function returns a promise as response. Th "...

HTTP - Cookie (Set-Cookie Header )

A cookie is a key-value data and some associated It is: set: by the server side with a HTTP response and the Set-Cookie header and eventually on a client side with the browser web api stored in "...

HTTP - Cross-Origin Request

A cross-origin request is a request that was not created by code (html page, javascript, ...)) of the same origin. cross site requestsame origin requestcross-originsame origin A page may contain image "...

HTTP - Referrer-Policy Header

The referrer policy is a security response header that modifies the algorithm used to populate the Referer header when: fetching subresources, prefetching, or performing navigations. referrerpolicy "...

HTTP - Request

An HTTP request is a message sent from a client to a server. It's the first part of a fetch, the second being the response. Structure A request message has: a first line called the

Share this page:

HTTP - Same Origin Request

Table of Contents

About

Rules

Example

same origin

not the same origin

Management

Same Origin Policy

Algorithm

Recommended Pages

Web Resource - Origin

HTTP - Origin Server (Header Field)

Browser - Cross Origin Resource Sharing (CORS)

Browser - Web API - Fetch function

HTTP - Cookie (Set-Cookie Header )

HTTP - Cross-Origin Request

HTTP - Referrer-Policy Header

HTTP - Request