简体中文(ZH-CN)English(EN)繁体中文(ZH-TW)日本語(JA)한국어(KO)Melayu(MS)Français(FR)Deutsch(DE)
Home
Article
Q&A
Course
Topic
Download
Game
Dictionary
Recent Updates

Home  >  Article  >  Web Front-end  >  What is js same origin policy

What is js same origin policy

anonymity
anonymityOriginal
2019-05-29 15:16:094841browse

For any WEB-based application, the most important thing is security. There are various security checks in JS to prevent malicious scripts from attacking your machine. Some of these specific security methods are used in various browsers. For example :Mozilla has a completely unique complete model that involves signing scripts and enforcing privileges. We need to know which security methods are common to all browsers and which are browser-specific. This way we can create more secure JS scripts.

What is js same origin policy

Same origin policy;

JS can only communicate with pages in the same domain. For example: running on http:// The script on domain:port/app1/page.html; cannot interact with the browser window or iframe of http://domain:port/app3/page.html;. It cannot access its cookies, receive its HTTP responses, etc. (But it can send HTTP requests to any other source); AJAX and webservice are also governed by this policy. This method is called the same origin policy;

The conditions for two scripts to be considered to be of the same origin are:

The protocol is the same (for example, both are http://)

The port is the same (usually 80)

The domain name is the same

If any of these three conditions If any one of them is not satisfied, the two scripts are not allowed to interact. For example: the script on www.mydomain.com cannot access the page on video.mydomain.com because the two domain names are different, although the latter is a child of the former. domain. Similarly, it cannot access the page on www.mydomain.com:8080 because the port is different, nor can it access about:blank because the protocol is different (the latter is not http://)

Impact of the same-origin policy:

It affects the interaction with BOM and DOM. For example: the document object of any page from different sources cannot be accessed, which means that any DOM cannot be accessed. Structure. For example: There are two iframes on the

page that reference different sources;

alert(frames[1].location.href);

alert(frames[ 1].document.location.href);//Failed

Both window and document have a location object attribute. If you run these two lines of code in a page that is not the same as the frame page, the second line will Report error.

The above is the detailed content of What is js same origin policy. For more information, please follow other related articles on the PHP Chinese website!

ajax html Cookie JS 对象 dom bom location href alert http
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:How to download vue.js frameworkNext article:How to download vue.js framework

Related articles

See more