HTTP - Same Origin Request

About

A request is a same-origin request if:

are the same.

A request that is not a same-origin request is called a cross-origin request.

Rules

Two HTTP requests do not have the same origin if the URIs have:

  • A different domain (for example, from example.com to datacadamia.com)
  • A different subdomain (for example, from example.com to petstore.example.com)
  • A different port (for example, from example.com to example.com:10777)
  • A different protocol (for example, from https://example.com to http://example.com)

than the currently loaded page.

In other words, two HTTP requests do not have the same origin when the URIs have the:

Example

same origin

not the same origin

Management

Same Origin Policy

User agents (such as browsers) commonly apply same-origin restrictions to network requests. See Same-Origin Policy.

Algorithm

Two origins are said to be the same origin if the algorithm returns true.
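
The comparison from the Rules section, written as an added example that is not part of the original page: it compares the (protocol, host, port) tuples of the loaded page and the requested URL and reports which part differs. The function names and sample URLs are constructed for illustration, and the domain/subdomain label is a simple suffix heuristic, not a Public Suffix List lookup.

```javascript
// Added example: same-origin check on (protocol, host, port) with the WHATWG URL parser.

// Returns the origin tuple of a URL, or null when the origin is opaque
// (for example data: URLs, whose origin serializes as "null").
// new URL() throws a TypeError on unparsable input.
function originTuple(url) {
  const u = new URL(url);
  if (u.origin === "null") return null;
  // The parser lowercases protocol and host and drops a protocol's default
  // port, so https://EXAMPLE.com:443 and https://example.com yield equal tuples.
  return { protocol: u.protocol, host: u.hostname, port: u.port };
}

// Lists the tuple components that differ between the loaded page and the request.
// An empty list means same origin.
function originDiff(pageUrl, requestUrl) {
  const a = originTuple(pageUrl);
  const b = originTuple(requestUrl);
  // Opaque origins derived from two URLs are never the same origin.
  if (a === null || b === null) return ["opaque"];
  const diff = [];
  if (a.protocol !== b.protocol) diff.push("protocol");
  if (a.host !== b.host) {
    // Heuristic: one host nested under the other counts as a subdomain change.
    const nested = a.host.endsWith("." + b.host) || b.host.endsWith("." + a.host);
    diff.push(nested ? "subdomain" : "domain");
  }
  if (a.port !== b.port) diff.push("port");
  return diff;
}

function isSameOrigin(pageUrl, requestUrl) {
  return originDiff(pageUrl, requestUrl).length === 0;
}

// Constructed sample requests, checked against a constructed loaded page.
const page = "https://example.com/index.html";
const requests = [
  "https://example.com:443/api/items?id=1", // same origin (default port)
  "https://datacadamia.com/",               // different domain
  "https://petstore.example.com/",          // different subdomain
  "https://example.com:10777/",             // different port
  "http://example.com/",                    // different protocol
];
for (const r of requests) {
  const d = originDiff(page, r);
  console.log(r, d.length ? "cross-origin: " + d.join(", ") : "same-origin");
}
```
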

