From the course: ASP.NET: Security


Same-origin policy and CORS


- [Instructor] Contrary to some rumors, JavaScript does have a security concept, and it's the Same-Origin Policy. The idea is that, and I simplify a little bit here, that has the same origin, or security context. What does that mean? Well, there are three pieces of information that have to be the same between the HTML page that contains the JavaScript code and the resource we are talking to. First of all, the protocol. So for instance, if we are on http://hplussport.com and try to do an Ajax call to https://hplussport.com, even if it's the same server, it's a different protocol so it's a different origin. That does not work. The second criterion is the domain name, the fully qualified domain name. So if we are on www.hplussport.com and like to call hplussport.com, even if it's exactly the same machine, from www.hplussport.com to hplussport.com the domain name doesn't match, so it's a different origin. That call doesn't work. So hplussport.com on port 444 is not the same as, well, no port…
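The origin comparison described in the transcript above, as an added example that is not part of the course material: it reports which of the three components (protocol, host, port) differ between a page and the resource it calls. The function names, paths and the `https` scheme on the port 444 URL are assumptions made for illustration.

```javascript
// Added example (not from the course). Sample URLs are constructed from the
// hostnames mentioned in the transcript; paths and function names are hypothetical.

// Split a URL into the three components the same-origin policy compares.
// The URL parser lowercases the host and returns '' for a scheme's default
// port, so https://host:443/ and https://host/ normalize to the same tuple.
function originParts(url) {
  const u = new URL(url);
  return { protocol: u.protocol, host: u.hostname, port: u.port };
}

// Compare the page's origin with the target's and list every mismatch.
// Path, query string and fragment are not part of the origin and are ignored.
function compareOrigins(pageUrl, targetUrl) {
  const page = originParts(pageUrl);
  const target = originParts(targetUrl);
  const differs = ['protocol', 'host', 'port'].filter(
    (key) => page[key] !== target[key]
  );
  return { sameOrigin: differs.length === 0, differs };
}

// Constructed sample pairs: [page, resource the script tries to call].
const SAMPLE_PAIRS = [
  ['http://hplussport.com/', 'https://hplussport.com/api'],       // protocol
  ['https://www.hplussport.com/', 'https://hplussport.com/api'],  // host
  ['https://hplussport.com/', 'https://hplussport.com:444/api'],  // port
  ['https://hplussport.com/', 'https://hplussport.com:443/api'],  // same origin
  ['https://hplussport.com/shop', 'https://HPLUSSPORT.com/api'],  // same origin
];

// Produce one readable verdict line per pair.
function report(pairs) {
  return pairs.map(([page, target]) => {
    const { sameOrigin, differs } = compareOrigins(page, target);
    const verdict = sameOrigin
      ? 'same origin'
      : `cross-origin (${differs.join(', ')} differs)`;
    return `${page} -> ${target}: ${verdict}`;
  });
}

report(SAMPLE_PAIRS).forEach((line) => console.log(line));
```

An explicit `:443` on an `https` URL and a different path or letter case in the host do not change the origin, which is why the last two pairs are reported as same origin.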
