The same-origin policy restricts scripts on one origin from accessing data from another origin. An origin consists of a URI scheme, domain and port number. For example, consider the following URL:
http://normal-website.com/example/example.html
Last updated
| URL accessed | Access permitted? |
|---|---|
http://normal-website.com/example/
Yes: same scheme, domain, and port
http://normal-website.com/example2/
Yes: same scheme, domain, and port
https://normal-website.com/example/
No: different scheme and port
http://en.normal-website.com/example/
No: different domain
http://www.normal-website.com/example/
No: different domain
http://normal-website.com:8080/example/
No: different port*
