In computing, the same origin policy is an important security concept for a number of browser-side programming languages, such as JavaScript. The policy permits scripts running on pages originating from the same site – a combination of scheme, hostname, and port number[1] – to access each other's methods and properties with no specific restrictions, but prevents access to most methods and properties across pages on different sites.
Put simply: for security reasons, browser-side scripting languages are restricted to accessing resources from the same origin, where "origin" means the same scheme, host and port as defined above.
Also excerpted from [1], examples of how the browser decides whether two URLs share an origin (each row is compared against http://www.example.com/dir/page.html):
| Compared URL | Outcome | Reason |
|---|---|---|
| http://www.example.com/dir/page.html | Success | Same protocol and host |
| http://www.example.com/dir2/other.html | Success | Same protocol and host |
| http://www.example.com:81/dir/other.html | Failure | Same protocol and host but different port |
| https://www.example.com/dir/other.html | Failure | Different protocol |
| http://en.example.com/dir/other.html | Failure | Different host |
| http://example.com/dir/other.html | Failure | Different host (exact match required) |
| http://v2.www.example.com/dir/other.html | Failure | Different host (exact match required) |
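The comparison in the table can be reproduced with a few lines of JavaScript. The block below is an added example, not code from the original post or from [1]: it parses each URL with the WHATWG `URL` API (a global in modern browsers and in Node.js), builds the (scheme, host, port) tuple, normalises an explicit default port so that `http://host:80` compares equal to `http://host`, and then runs every row of the table against the reference page. The reference URL, the `DEFAULT_PORTS` map and the function names are this example's own choices.

```javascript
// Added example (not from the original post): decide whether two URLs share an
// origin under the same-origin policy, i.e. whether their (scheme, host, port)
// tuples match exactly. Path and query never take part in the comparison.

// Default ports per scheme, so an explicit default port is treated like an
// omitted one. Only the schemes needed here are listed (assumption).
const DEFAULT_PORTS = { "http:": "80", "https:": "443", "ws:": "80", "wss:": "443" };

// Parse a URL into its origin tuple. The WHATWG parser already lowercases the
// host and drops a default port, which is why the port must be filled back in.
function originTuple(urlString) {
  const url = new URL(urlString);
  const port = url.port !== "" ? url.port : (DEFAULT_PORTS[url.protocol] ?? "");
  return { scheme: url.protocol, host: url.hostname, port };
}

// Strict tuple comparison: every component must match. There is no subdomain
// matching, so en.example.com, example.com and www.example.com all differ.
function sameOrigin(a, b) {
  const x = originTuple(a);
  const y = originTuple(b);
  return x.scheme === y.scheme && x.host === y.host && x.port === y.port;
}

// The reference page used by the table in [1] and the URLs compared against it.
const REFERENCE = "http://www.example.com/dir/page.html";
const TABLE = [
  "http://www.example.com/dir/page.html",
  "http://www.example.com/dir2/other.html",
  "http://www.example.com:81/dir/other.html",
  "https://www.example.com/dir/other.html",
  "http://en.example.com/dir/other.html",
  "http://example.com/dir/other.html",
  "http://v2.www.example.com/dir/other.html",
];

// Evaluate every row; returns an array of { url, sameOrigin } objects.
function evaluateTable(reference = REFERENCE, urls = TABLE) {
  return urls.map((url) => ({ url, sameOrigin: sameOrigin(reference, url) }));
}

// When run as a script, print the verdict for each row of the table.
if (typeof require !== "undefined" && require.main === module) {
  for (const row of evaluateTable()) {
    console.log(`${row.sameOrigin ? "Success" : "Failure"}  ${row.url}`);
  }
}
```

The first two rows come back `Success` and the remaining five `Failure`, matching the table. For http and https URLs the same verdict is obtained from `new URL(a).origin === new URL(b).origin`; the explicit tuple is written out here only to make the three components, and the port normalisation, visible.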
References:
1. Wikipedia: Same origin policy
2. Cross Domain Ajax: fetching data across domains (JSONP)