I had a read of what the same-origin policy means on Wikipedia, however I fail to understand how it works. I do understand that it prevents, for example, JavaScript on my website from interacting with a script on a separate site; however, what does this exactly mean?
If your script (JS) tries to perform some HTTP request to a site other than the one it originated from via XMLHttpRequest, the request will fail: the returned status code will be 0 and the error message will be null.
That’s how it worked originally.
Right now there is a Cross-Origin Resource Sharing (CORS) specification, which is more or less supported by most modern browsers. It allows such requests, but with strict limitations.
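A simplified model of the check described in the answer above, added here as an illustration (it is not part of the original answer and not browser source code). It compares origins as scheme, host and port, then applies the CORS response-header rules for a simple request; preflight is not modelled, and the function names, the lowercase header-object shape and the `shop.example` / `api.example` URLs are assumptions constructed for the example.

```javascript
// An origin is the (scheme, host, port) triple. URL.origin normalizes
// default ports, so https://host and https://host:443 compare equal.
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// Decide whether a script running on pageUrl may read a response from targetUrl.
// responseHeaders: plain object with lowercase header names (assumed shape).
// withCredentials: mirrors XMLHttpRequest.withCredentials.
function scriptMayRead(pageUrl, targetUrl, responseHeaders, withCredentials = false) {
  if (sameOrigin(pageUrl, targetUrl)) {
    return { allowed: true, reason: "same origin" };
  }
  const pageOrigin = new URL(pageUrl).origin;
  const acao = responseHeaders["access-control-allow-origin"];
  if (acao === undefined) {
    // Pre-CORS behaviour: the script sees a failed request (status 0).
    return { allowed: false, reason: "cross-origin, no Access-Control-Allow-Origin" };
  }
  if (withCredentials) {
    // Credentialed requests need an exact origin and an explicit opt-in.
    if (acao === "*") {
      return { allowed: false, reason: "wildcard not valid with credentials" };
    }
    if (responseHeaders["access-control-allow-credentials"] !== "true") {
      return { allowed: false, reason: "Access-Control-Allow-Credentials is not true" };
    }
  }
  if (acao === "*" || acao === pageOrigin) {
    return { allowed: true, reason: "CORS opt-in by server" };
  }
  return { allowed: false, reason: "Access-Control-Allow-Origin names a different origin" };
}

// Constructed sample cases: [target URL, response headers, withCredentials].
const page = "https://shop.example/cart";
const cases = [
  ["https://shop.example:443/api/items", {}, false],
  ["http://shop.example/api/items", {}, false],
  ["https://api.example/items", { "access-control-allow-origin": "*" }, false],
  ["https://api.example/items", { "access-control-allow-origin": "*" }, true],
  ["https://api.example/items", { "access-control-allow-origin": "https://shop.example",
                                  "access-control-allow-credentials": "true" }, true],
];
for (const [target, headers, creds] of cases) {
  const r = scriptMayRead(page, target, headers, creds);
  console.log(`${target} creds=${creds} -> ${r.allowed ? "readable" : "blocked"} (${r.reason})`);
}
```
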