Same origin policy with same domain, but https

Submitted by 房东的猫 on 2019-12-10 18:21:34

Question


I'd like to make a web service call from http://www.somedomain.com to https://www.somedomain.com

Without going to the trouble of setting up a test, could someone confirm if this will be considered the same origin?

My assumption is that this will be fine, seeing as cookies are shared successfully in this situation.


Answer 1:


No, it won't work. The URL needs the same domain and the same protocol; see http://en.wikipedia.org/wiki/Same_origin_policy




Answer 2:


No, it is not same origin.

Perhaps you can configure your server to accept either http or https calls? If this is the case, you can use protocol-relative URLs to make your requests use whatever protocol you are already using.

reqUrl = "//www.somedomain.com"

By the way, it is usually not correct to make an https call from an http page. The initial http page makes you lose all the security the https would give, since there is no way to authenticate that the page has been served correctly and is running the intended scripts instead of something evil.
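The comparison both answers describe, as an added example that is not part of the original question or answers: an origin is the (scheme, host, port) tuple, so the check below resolves a request URL against the issuing page (including the protocol-relative form) and reports which parts differ. The function names and the `/page`, `/api` paths and port 8443 are constructed for illustration.

```javascript
// Added example: origin = (scheme, host, port), compared part by part.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Return the origin tuple for an absolute URL string.
function originTuple(urlString) {
  const u = new URL(urlString);
  return {
    scheme: u.protocol,
    host: u.hostname,
    // URL.port is "" when the scheme's default port is in use.
    port: u.port || DEFAULT_PORTS[u.protocol] || "",
  };
}

// Resolve reqUrl (absolute, relative or protocol-relative) against the
// page that issues it, then compare the two origin tuples.
function checkRequest(pageUrl, reqUrl) {
  // "//host/path" inherits the scheme of pageUrl during resolution.
  const resolved = new URL(reqUrl, pageUrl).href;
  const page = originTuple(pageUrl);
  const target = originTuple(resolved);
  const differs = ["scheme", "host", "port"].filter((k) => page[k] !== target[k]);
  return { resolved, sameOrigin: differs.length === 0, differs };
}

// Constructed sample cases using the hostname from the question.
const cases = [
  ["http://www.somedomain.com/page", "https://www.somedomain.com/api"],
  ["http://www.somedomain.com/page", "//www.somedomain.com/api"],
  ["https://www.somedomain.com/page", "//www.somedomain.com/api"],
  ["https://www.somedomain.com/page", "https://www.somedomain.com:8443/api"],
];
for (const [page, req] of cases) {
  const r = checkRequest(page, req);
  const verdict = r.sameOrigin ? "same origin" : `cross origin (${r.differs.join(", ")})`;
  console.log(`${page} -> ${req}: ${verdict} [${r.resolved}]`);
}
```

The first case is the one from the question: the host matches, but the scheme and therefore the default port differ, so the request is cross-origin.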



Source: https://stackoverflow.com/questions/8092986/same-origin-policy-with-same-domain-but-https
