- CORS Essentials
- Rajesh Gunasundaram Randall Goya
- 209字
- 2021-07-09 19:53:41
Considering the origin of entities
Access to DOM elements is allowed only when the request scheme, hostname, and port number match those of the current URI. A subdomain cannot share DOM elements with the parent domain.
- Scheme in web applications is typically
http://orhttps:// - Hostname is typically the domain name plus TLD, or the unique IP address
- Port number:
- Typically, port
80is implicit inhttp:// 443for SSL overhttps://
- Typically, port
If the Scheme, Hostname, and port number do not match the DOM element, then resource sharing is prohibited as they do not share the same origin. Considering the domain http://www.example.com, the following table provides various combinations of matching and mismatching origins:
Internet Explorer exception policy
Internet Explorer (IE) implements two major differences when it comes to the same-origin policy:
- IE Trust Zones allow different domains: If both domains are in a highly trusted zone, then the same-origin policy limitations are not applied.
- Port is ignored: IE ignores the port in same origin components. These URIs are considered from the same origin:
推薦閱讀
- 從零開始學Hadoop大數據分析(視頻教學版)
- Google Visualization API Essentials
- Spark快速大數據分析(第2版)
- Java Data Science Cookbook
- SQL Server 2008數據庫應用技術(第二版)
- Spark大數據分析實戰
- Oracle RAC 11g實戰指南
- 大數據可視化
- 文本挖掘:基于R語言的整潔工具
- Lean Mobile App Development
- Mockito Cookbook
- The Game Jam Survival Guide
- Proxmox VE超融合集群實踐真傳
- 辦公應用與計算思維案例教程
- Augmented Reality using Appcelerator Titanium Starter