Origin
Web content's origin is defined by the scheme (protocol), hostname (domain), and port of the URL used to access it. Two objects have the same origin only when the scheme, hostname, and port all match.
Some operations are restricted to same-origin content, and this restriction can be lifted using CORS.
Examples
These are same origin because they have the same scheme (http
) and hostname (example.com
), and the different file path does not matter:
http://example.com/app1/index.html
http://example.com/app2/index.html
These are same origin because a server delivers HTTP content through port 80 by default:
http://example.com:80
http://example.com
These are not same origin because they use different schemes:
http://example.com/app1
https://example.com/app2
These are not same origin because they use different hostnames:
http://example.com
http://www.example.com
http://myapp.example.com
These are not same origin because they use different ports:
http://example.com
http://example.com:8080