I know that cross-domain requests are disallowed for security reasons, but I was under the impression that only the top-level domain needed to match, that different sub-doma
In short, the rules of the same origin policy are:
In your example you are violating the host rule, as a different subdomain could point to a different host/IP than another, even if the second-level domain is the same.
If you have no other possibility, you could try to use JSONP in your ajax request; this doesn't have an SOP.
Reference
No, cross-subdomain requests are not allowed in any browser. But there are some ways, like CORS, using iframes, or setting document.domain, to make it work (although with some limitations).
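
The host rule and the CORS option mentioned in the answers above, shown as an added example that is not part of the original posts. The function names `sameOrigin` and `corsHeadersFor`, and every `example.com` hostname, are assumptions made for illustration; the allowlist stands for what a server at a hypothetical `api.example.com` would permit.

```javascript
// Added example: same-origin comparison and an exact-match CORS allowlist.
// All hostnames are constructed placeholders.

// Two URLs share an origin only if scheme, host and port all match.
function sameOrigin(a, b) {
  const ua = new URL(a);
  const ub = new URL(b);
  return ua.protocol === ub.protocol &&
         ua.hostname === ub.hostname &&
         ua.port === ub.port; // URL normalizes a scheme's default port to ""
}

// Origins the API agrees to serve (assumed values).
const ALLOWED_ORIGINS = new Set([
  "https://www.example.com",
  "https://app.example.com",
]);

// Returns the CORS response headers for a request's Origin header.
// Exact match only: a suffix check such as endsWith("example.com")
// would also accept "https://badexample.com".
function corsHeadersFor(originHeader) {
  const headers = { "Vary": "Origin" }; // caches must key on Origin
  if (typeof originHeader !== "string") return headers;
  let origin;
  try {
    origin = new URL(originHeader).origin; // canonical scheme://host[:port]
  } catch {
    return headers; // malformed or "null" Origin: no grant
  }
  // Require the header to already be in canonical form, then look it up.
  if (origin === originHeader && ALLOWED_ORIGINS.has(origin)) {
    headers["Access-Control-Allow-Origin"] = origin;
  }
  return headers;
}

// Sibling subdomains are different origins, so the browser applies the SOP.
console.log(sameOrigin("https://www.example.com/page",
                       "https://api.example.com/data"));
console.log(corsHeadersFor("https://app.example.com"));
console.log(corsHeadersFor("https://badexample.com"));
```

The browser only exposes the cross-origin response to the page when the `Access-Control-Allow-Origin` value matches the page's origin, so an origin missing from the allowlist gets no grant.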