How Is Origin Determined?

Browsers will compare two URLs to determine the origin based on a number of factors. These factors include the domain name, the application layer protocol, and in many browsers, the port used.

For example, say that we are making AJAX requests from a script on http://www.site.com/page1.html to access resources on other pages. Table A-1 outlines the results for several different URLs.

Table A-1. Results of making an AJAX request from a script on http://www.site.com/page1.html

URL requested

Outcome

Reason

http://www.site.com/page2.html

Success

Same host and protocol

http://www.site.com:8888/page2.html

Fail

Different port

https://www.site.com/page2.html

Fail

Different protocol (https)

http://site.com/page1.html

Fail

Different host (not an exact match)

http://sub.site.com/page1.html

Fail

Different host (subdomain)

Understanding these rules when you’re working with client-side scripting languages like JavaScript will save you a lot of headaches when development begins.

Get Programming Social Applications now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial