Same Origin Policy for JavaScript (Ajax) and Cookies
A URL consists of four parts, take www.2cto.com as an example (the default port for http is 80, and the default port for https is 443. If it is the default port, it can be omitted, so this URL is equivalent to www.2cto.com: 80
Protocol: http
Host: www.2cto.com
Port: 80
Path:/
The so-called same origin means that the protocol, host and port of this URL are generally the same. Domain or domain is also the concept of source here.
For the above URL, there are the following results:
'
There is an exception, javascript can modify the value of the host and port parts by setting document.domain, if In this way, the set value will be used as the standard for same-origin policy check. For example, for http://blog.csdn.net/yanical and http://bbs.csdn.net/, you can execute the following javascript:
[ javascript] document.domain = "csdn.net";
After this, the two pages have the same source. For security reasons, they cannot be set to other main domains, such as http://www.csdn. net/ cannot be set to sina.com
We see that only the host part is set in the javascript, and the port part is not mentioned. In fact, when the above javascript is executed, the port is also set, and is set to a null value. Therefore, if the above javascript is executed for both http://blog.csdn.net:81/yanical and http://blog.csdn.net/yanical, the ports will be set to null. They also become homologous.
The same origin policy was first used to prevent js from one source from obtaining or modifying the document attributes of another source. The source of javascript here refers to the source of the HTML page that loads javascript. Rather than the source where the javascript itself is located.
For example, there are two HTML and two javascript. test.html contains an iframe that references frame.html, and they are in different sources; test.html also references two js, one of them is also different from the source of test.html; the javascript of test.html also tries to modify frame.html
test.html:
[html]
<script> <br/>document.write( '------write from test.html'); <br/>alert(document.getElementById('vFrame').contentDocument.body.innerHTML='------overwrite frame from test.html'; <br/>< ;/script> <br/> <br/> <br/>frame.html:<br/> <br/>[html] <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <br/><html> <br/> <head> <br/> <br/><body> <br/><script> <br/>document.write('------write from frame.html'); <br/></script>
body>
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
How to implement an online speech recognition system using WebSocket and JavaScript
Dec 17, 2023 pm 02:54 PM
How to use WebSocket and JavaScript to implement an online speech recognition system Introduction: With the continuous development of technology, speech recognition technology has become an important part of the field of artificial intelligence. The online speech recognition system based on WebSocket and JavaScript has the characteristics of low latency, real-time and cross-platform, and has become a widely used solution. This article will introduce how to use WebSocket and JavaScript to implement an online speech recognition system.
WebSocket and JavaScript: key technologies for implementing real-time monitoring systems
Dec 17, 2023 pm 05:30 PM
WebSocket and JavaScript: Key technologies for realizing real-time monitoring systems Introduction: With the rapid development of Internet technology, real-time monitoring systems have been widely used in various fields. One of the key technologies to achieve real-time monitoring is the combination of WebSocket and JavaScript. This article will introduce the application of WebSocket and JavaScript in real-time monitoring systems, give code examples, and explain their implementation principles in detail. 1. WebSocket technology
How to use JavaScript and WebSocket to implement a real-time online ordering system
Dec 17, 2023 pm 12:09 PM
Introduction to how to use JavaScript and WebSocket to implement a real-time online ordering system: With the popularity of the Internet and the advancement of technology, more and more restaurants have begun to provide online ordering services. In order to implement a real-time online ordering system, we can use JavaScript and WebSocket technology. WebSocket is a full-duplex communication protocol based on the TCP protocol, which can realize real-time two-way communication between the client and the server. In the real-time online ordering system, when the user selects dishes and places an order
How to implement an online reservation system using WebSocket and JavaScript
Dec 17, 2023 am 09:39 AM
How to use WebSocket and JavaScript to implement an online reservation system. In today's digital era, more and more businesses and services need to provide online reservation functions. It is crucial to implement an efficient and real-time online reservation system. This article will introduce how to use WebSocket and JavaScript to implement an online reservation system, and provide specific code examples. 1. What is WebSocket? WebSocket is a full-duplex method on a single TCP connection.
JavaScript and WebSocket: Building an efficient real-time weather forecasting system
Dec 17, 2023 pm 05:13 PM
JavaScript and WebSocket: Building an efficient real-time weather forecast system Introduction: Today, the accuracy of weather forecasts is of great significance to daily life and decision-making. As technology develops, we can provide more accurate and reliable weather forecasts by obtaining weather data in real time. In this article, we will learn how to use JavaScript and WebSocket technology to build an efficient real-time weather forecast system. This article will demonstrate the implementation process through specific code examples. We
Simple JavaScript Tutorial: How to Get HTTP Status Code
Jan 05, 2024 pm 06:08 PM
JavaScript tutorial: How to get HTTP status code, specific code examples are required. Preface: In web development, data interaction with the server is often involved. When communicating with the server, we often need to obtain the returned HTTP status code to determine whether the operation is successful, and perform corresponding processing based on different status codes. This article will teach you how to use JavaScript to obtain HTTP status codes and provide some practical code examples. Using XMLHttpRequest
How to use insertBefore in javascript
Nov 24, 2023 am 11:56 AM
Usage: In JavaScript, the insertBefore() method is used to insert a new node in the DOM tree. This method requires two parameters: the new node to be inserted and the reference node (that is, the node where the new node will be inserted).
JavaScript and WebSocket: Building an efficient real-time image processing system
Dec 17, 2023 am 08:41 AM
JavaScript is a programming language widely used in web development, while WebSocket is a network protocol used for real-time communication. Combining the powerful functions of the two, we can create an efficient real-time image processing system. This article will introduce how to implement this system using JavaScript and WebSocket, and provide specific code examples. First, we need to clarify the requirements and goals of the real-time image processing system. Suppose we have a camera device that can collect real-time image data
