For any web-based application, the most important thing is security. JS includes various security checks to prevent malicious scripts from attacking your machine. Some of these security mechanisms are specific to particular browsers. For example, Mozilla has its own complete security model that involves signing scripts and enforcing privileges. We need to know which security mechanisms are common to all browsers and which are browser-specific. This way we can write more secure JS scripts.
Same origin policy
JS can only communicate with pages in the same domain. For example, a script running on http://domain:port/app1/page.html cannot interact with the browser window or iframe of http://domain:port/app3/page.html. It cannot access its cookies, receive its HTTP responses, etc. (But it can send HTTP requests to any other source.) AJAX and web services are also governed by this policy. This mechanism is called the same origin policy.
The conditions for two scripts to be considered to be of the same origin are:
The protocol is the same (for example, both are http://)
The port is the same (usually 80)
The domain name is the same
If any one of these three conditions is not satisfied, the two scripts are not allowed to interact. For example, a script on www.mydomain.com cannot access a page on video.mydomain.com because the two domain names are different, although the latter is a child domain of the former. Similarly, it cannot access a page on www.mydomain.com:8080 because the port is different, nor can it access about:blank because the protocol is different (the latter is not http://).
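The three conditions above can be checked mechanically. The following is an added example, not code from the original article: it compares two URLs by protocol, domain and port using the standard URL class and reports which condition fails, and it goes slightly beyond the text by also covering https. The helper names originTuple and compareOrigins are hypothetical, and the URLs are constructed samples based on the article's www.mydomain.com examples.

```javascript
// Added example (not from the original article): same-origin check by
// protocol, domain and port. All URLs below are constructed samples.
const DEFAULT_PORTS = { 'http:': '80', 'https:': '443' };

function originTuple(url) {
  const u = new URL(url);
  return {
    protocol: u.protocol,
    host: u.hostname,
    // URL.port is '' when the scheme's default port is used, so fill it in
    port: u.port || DEFAULT_PORTS[u.protocol] || '',
    // about:, data: and similar URLs serialize their origin as "null"
    opaque: u.origin === 'null',
  };
}

function compareOrigins(a, b) {
  const x = originTuple(a);
  const y = originTuple(b);
  const differs = [];
  if (x.protocol !== y.protocol) differs.push('protocol');
  if (x.host !== y.host) differs.push('domain');
  if (x.port !== y.port) differs.push('port');
  // Treat a "null" origin as never matching, even against an identical URL
  if (differs.length === 0 && (x.opaque || y.opaque)) differs.push('opaque');
  return { sameOrigin: differs.length === 0, differs };
}

const base = 'http://www.mydomain.com/app1/page.html';
for (const other of [
  'http://www.mydomain.com:80/app3/page.html',
  'http://video.mydomain.com/page.html',
  'http://www.mydomain.com:8080/page.html',
  'https://www.mydomain.com/page.html',
  'about:blank',
]) {
  const r = compareOrigins(base, other);
  console.log(other, r.sameOrigin ? 'same origin' : 'blocked: ' + r.differs.join(', '));
}
```

Only the first sample URL is reported as same origin, because an explicit :80 is the default port for http; the others each fail at least one of the three conditions.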
Impact of the same-origin policy:
It affects interaction with the BOM and DOM. For example, the document object of any page from a different origin cannot be accessed, which means that none of its DOM structure can be accessed. For example, suppose there are two iframes on the page that reference different sources:
alert(frames[1].location.href);
alert(frames[1].document.location.href); // Failed
Both window and document have a location object attribute. If you run these two lines of code in a page that is not of the same origin as the frame page, the second line will report an error.