This article is part of my Web front-end DOM series.

  • Four cross-domain methods for JavaScript

  • Same-origin policy and cross-domain access

  • Front-end cross-domain consolidation

The same-origin policy

What does “same origin” mean? A URL consists of a protocol, domain name, port, and path. If the protocol, domain name, and port of two URLs are the same, the URLs have the same origin. The browser’s same-origin policy restricts a “document” or script from a different origin from reading or setting certain properties on the current “document”. That is, scripts loaded from one domain are not allowed to access document properties from another domain. For example, suppose a page on a malicious website embeds the bank’s login page in an iframe (the two are from different origins). Without the same-origin restriction, the JavaScript on the malicious page could obtain the user’s username and password when the user logs in to the bank. Because the same-origin policy stops us from requesting resources at will, all sorts of hacks for working around it have appeared since its introduction.
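The origin comparison described above, as an added example that is not part of the original article: it reduces each URL to its protocol, domain name and port and reports which of the three differs. The function names and sample URLs are assumptions made for the illustration.

```javascript
// Added example: compare two URLs by the (protocol, domain name, port) tuple.
// Function names and sample URLs are constructed for illustration.

// Reduce a URL string to the three components the same-origin check looks at.
function originTuple(urlString) {
  const u = new URL(urlString); // throws TypeError on an invalid URL
  return {
    protocol: u.protocol, // e.g. "https:", lower-cased by the parser
    host: u.hostname,     // domain name, lower-cased by the parser
    port: u.port,         // "" when the URL uses the protocol's default port
  };
}

// Return the components that differ; an empty list means same origin.
function originDifferences(a, b) {
  const ta = originTuple(a);
  const tb = originTuple(b);
  return ['protocol', 'host', 'port'].filter((k) => ta[k] !== tb[k]);
}

function isSameOrigin(a, b) {
  return originDifferences(a, b).length === 0;
}

// Constructed sample URLs, each compared against one base page.
const base = 'http://www.example.com/dir/page.html';
const samples = [
  'http://www.example.com/other/login.html',   // only the path differs
  'http://WWW.EXAMPLE.COM:80/dir/page.html',   // letter case, explicit default port
  'https://www.example.com/dir/page.html',     // protocol differs
  'http://bank.example.com/dir/page.html',     // domain name differs
  'http://www.example.com:8080/dir/page.html', // port differs
];

for (const s of samples) {
  const diff = originDifferences(base, s);
  const verdict = diff.length
    ? 'cross-origin (' + diff.join(', ') + ' differs)'
    : 'same origin';
  console.log(s + ' -> ' + verdict);
}
```

The path never enters the comparison, and a subdomain counts as a different domain name, so the bank page in the iframe scenario is cross-origin to the embedding page even when both sit under the same parent domain.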

JSONP

JSONP is a common cross-domain approach that is not limited by browser compatibility, but because it can only issue GET requests, it breaks the standard REST style and is ugly. JSONP is essentially leveraging