How Is Origin Determined?

Browsers will compare two URLs to determine the origin based on a number of factors. These factors include the domain name, the application layer protocol, and in many browsers, the port used.

For example, say that we are making AJAX requests from a script on http://www.site.com/page1.html to access resources on other pages. Table A-1 outlines the results for several different URLs.

Table A-1. Results of making an AJAX request from a script on http://www.site.com/page1.html

URL requested

Outcome

Reason

http://www.site.com/page2.html

Success

Same host and protocol

http://www.site.com:8888/page2.html

Fail

Different port

https://www.site.com/page2.html

Fail

Different protocol (https)

http://site.com/page1.html

Fail

Different host (not an exact match)

http://sub.site.com/page1.html

Fail

Different host (subdomain)

Understanding these rules when you’re working with client-side scripting languages like JavaScript will save you a lot of headaches when development begins.

Get Programming Social Applications now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.