Same origin policy

悲哀的现实 2020-12-06 13:59

Maybe some of you can help me get a better understanding of the JavaScript same-origin policy.

The same-origin policy is defined as follows (http://en.wikipedia.or

4 answers
  •  青春惊慌失措
    2020-12-06 14:42

    CORS (Cross-Origin Resource Sharing) is a standard way to allow cross-domain AJAX calls.

    It's quite simple. For example, if the HTTP header Access-Control-Allow-Origin: * is added to a page (using PHP for example) then JavaScript from any domain will be able to read the page using AJAX. If such a header is not present then the same-origin policy will prevent the page from being read by AJAX calls from a different domain.

    Using CORS, the owner of a page (for example a page that exposes specific data or an API) can expose that page (and that page only) for others to call from their own domains. The principle is that if the owner of a page explicitly says "it's OK for others to access my stuff" then CORS will allow it. Otherwise, the same-site policy is assumed.

    See: http://www.w3.org/TR/cors/
