2013年2月4日 星期一

Same origin policy

依據 Wikipedia [1] 上對於 Same origin policy 的描述如下:
In computing, the same origin policy is an important security concept for a number of browser-side programming languages, such as JavaScript. The policy permits scripts running on pages originating from the same site – a combination of scheme, hostname, and port number[1] – to access each other's methods and properties with no specific restrictions, but prevents access to most methods and properties across pages on different sites.

簡單來說,大概就是為了安全性的考量,要限制瀏覽器端的程式語言只能夠存取相同網域內的資源。
另外節錄在 [1] 中對於同網域的認定範例:
Compared URLOutcomeReason
httpː//www.example.com/dir/page.htmlSuccessSame protocol and host
httpː//www.example.com/dir2/other.htmlSuccessSame protocol and host
httpː//www.example.com:81/dir/other.htmlFailureSame protocol and host but different port
https://www.example.com/dir/other.htmlFailureDifferent protocol
http://en.example.com/dir/other.htmlFailureDifferent host
http://example.com/dir/other.htmlFailureDifferent host (exact match required)
http://v2.www.example.com/dir/other.htmlFailureDifferent host (exact match required)


參考資料:
1、Wikipedia: Same origin policy
2、Cross Domain Ajax 跨網域抓取資料(JSONP)

沒有留言:

張貼留言