HTTP - Same Origin Request

About

A request is a same-origin request if:

are the same.

A request that is not a same-origin request is called a cross-origin request.

Rules

Two HTTP requests do not have the same origin if their URIs have:

  • A different domain (for example, from example.com to datacadamia.com)
  • A different subdomain (for example, from example.com to petstore.example.com)
  • A different port (for example, from example.com to example.com:10777)
  • A different protocol (for example, from https://example.com to http://example.com)

than the currently loaded page.

In other words, two HTTP requests do not have the same origin when the URIs have the:

Example

same origin

Example: All of the following resources have the same origin

not the same origin

Management

Same Origin Policy

User agents (such as browsers) commonly apply same-origin restrictions to network requests. See Same-Origin Policy.

Algorithm

Two origins are said to be the same origin if the algorithm returns true.
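
One way to express such a comparison, as an added example that is not code from the original page: each URI is reduced to a (scheme, host, port) tuple with the standard `URL` class and the tuples are compared part by part. The function names and the sample URLs are assumptions made for this illustration.

```javascript
// Added example (not from the original page): same-origin test as a comparison
// of the (scheme, host, port) tuple. Function names are hypothetical.
const DEFAULT_PORTS = new Map([['http:', '80'], ['https:', '443'], ['ws:', '80'], ['wss:', '443']]);

// Reduce an absolute URL to its origin tuple, or null when this example
// treats the scheme as having an opaque origin (data:, file:, ...).
function originTuple(uri) {
  const u = new URL(uri); // throws TypeError on relative or malformed input
  if (!DEFAULT_PORTS.has(u.protocol)) return null;
  // URL already lowercases the host and drops a port equal to the scheme default,
  // so the default is restored here to make the port comparison explicit.
  return { scheme: u.protocol, host: u.hostname, port: u.port || DEFAULT_PORTS.get(u.protocol) };
}

// Compare the loaded page with a request target and report which tuple parts differ.
function compareOrigins(pageUrl, requestUrl) {
  const page = originTuple(pageUrl);
  const target = originTuple(requestUrl);
  if (page === null || target === null) return { sameOrigin: false, differs: ['opaque'] };
  const differs = ['scheme', 'host', 'port'].filter((k) => page[k] !== target[k]);
  return { sameOrigin: differs.length === 0, differs };
}

// Constructed sample targets, following the rules listed on this page.
const PAGE = 'https://example.com/index.html';
const TARGETS = [
  'https://example.com:443/api/items?id=1', // explicit default port, other path
  'https://EXAMPLE.com/', // host case is normalised
  'https://datacadamia.com/', // different domain
  'https://petstore.example.com/', // different subdomain
  'https://example.com:10777/', // different port
  'http://example.com/', // different protocol (and therefore default port)
  'data:text/plain,hello', // opaque origin
];

for (const t of TARGETS) {
  const r = compareOrigins(PAGE, t);
  console.log(r.sameOrigin ? 'same-origin ' : 'cross-origin', t, r.differs.join(','));
}
```

The path and query string never take part in the comparison, and a bare host such as `example.com` must be given with its scheme before it can be parsed.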




