- CORS Essentials
- Rajesh Gunasundaram Randall Goya
- 209字
- 2021-07-09 19:53:41
Considering the origin of entities
Access to DOM elements is allowed only when the request scheme, hostname, and port number match those of the current URI. A subdomain cannot share DOM elements with the parent domain.
- Scheme in web applications is typically
http://orhttps:// - Hostname is typically the domain name plus TLD, or the unique IP address
- Port number:
- Typically, port
80is implicit inhttp:// 443for SSL overhttps://
- Typically, port
If the Scheme, Hostname, and port number do not match the DOM element, then resource sharing is prohibited as they do not share the same origin. Considering the domain http://www.example.com, the following table provides various combinations of matching and mismatching origins:
Internet Explorer exception policy
Internet Explorer (IE) implements two major differences when it comes to the same-origin policy:
- IE Trust Zones allow different domains: If both domains are in a highly trusted zone, then the same-origin policy limitations are not applied.
- Port is ignored: IE ignores the port in same origin components. These URIs are considered from the same origin:
推薦閱讀
- GitHub Essentials
- Hands-On Data Structures and Algorithms with Rust
- 云數據中心基礎
- 數據分析實戰:基于EXCEL和SPSS系列工具的實踐
- Python數據分析入門:從數據獲取到可視化
- 虛擬化與云計算
- 圖解機器學習算法
- 金融商業算法建模:基于Python和SAS
- 云原生數據中臺:架構、方法論與實踐
- 達夢數據庫運維實戰
- 利用Python進行數據分析(原書第2版)
- Swift Functional Programming(Second Edition)
- SOLIDWORKS 2018中文版機械設計基礎與實例教程
- Learning Ansible
- 產品經理數據修煉30問