HTML5 Cross Domain Messaging


  • Single Origin Policy (SOP) 
  • HTML5 Cross-domain messaging
  • Cross-Origin Resource Sharing (CORS) & XHR2

Single Origin Policy

What is Same Origin Policy? 

  • The same origin policy does not allow JavaScript code loaded from one origin accessing or communicating with documents from another origin 
    • In other words, documents retrieved from distinct origins are isolated from each other 
  • JavaScript codes are considered from the same origin only if they are loaded from the sites that have the same 
    • protocol (http:, https:, ws:, wss:) 
    • host 
    • port 
  • The same origin policy is imposed by browsers


Download course content