问题
Are 127.0.0.1 and localhost considered as two different domains by browsers and therefore enforce cross-domain (same origin policy) restrictions?
I observed it works sometime (in case of simple web pages) and does not work with Flex based web pages.
For example: Scenario I: In a web page called page1.htm, you call a script as follows:
<script type="text/javascript" src="js/somejsscript.js"></script>
or
<script type="text/javascript" src="http://localhost/js/somejsscript.js"></script>
and you access the page as http://localhost/page1.htm
Scenario II: You call the script as follows:
<script type="text/javascript" src="http://127.0.0.1/js/somejsscript.js"></script>
and you access the page as http://localhost/page1.htm
回答1:
Origin is defined as a scheme/host/port (port is the default value for a scheme if it doesn't exist, e.g. port 80 for http, 443 for https). Same-origin is defined as a matching scheme/host/port. "localhost" and "127.0.0.1" are different hosts in this case. See http://en.wikipedia.org/wiki/Same_origin_policy#Origin_determination_rules
回答2:
Yes, these are different origins for web security purposes; no browsers equate them. Technically "localhost" can point anywhere, and typically (on modern systems) it points to IPv6 rather than IPv4.
来源:https://stackoverflow.com/questions/5256251/are-127-0-0-1-and-localhost-considered-as-two-different-domains-by-browsers