by calaveraDeluxe
2757 days ago
I don't think this is true. I just tried to replicate it with 2 different hostnames pointing to 127.0.0.1 in my /etc/hosts. JS loaded from origin2.foo on a page with an origin of origin1.foo can XHR things from origin1.foo, but not from origin2.foo. Interestingly, MDN leads the article on same-origin policy with this sentence: "The same-origin policy is a critical security mechanism that restricts how a document or script loaded from one origin can interact with a resource from another origin." This seems to support the way that OP described how SOP works.
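The experiment in the comment above, modelled as an added example that is not part of the original comment: a small JavaScript model of the read check a browser applies to XHR/fetch responses. The hostnames come from the comment; the ports, paths, and the function names `originOf`, `canReadResponse` and `runExperiment` are assumptions made for illustration, and the CORS branch covers only a simple, non-credentialed request.

```javascript
// Constructed sample mirroring the comment's setup: both names resolve to 127.0.0.1.
const HOSTS = { 'origin1.foo': '127.0.0.1', 'origin2.foo': '127.0.0.1' };

// An origin is scheme + host + port as serialised by the URL parser
// (default ports are dropped). The resolved IP address is not part of it.
function originOf(url) {
  return new URL(url).origin;
}

// Decide whether script running in a document may read an XHR/fetch response.
// scriptUrl is accepted only to show that it plays no part in the decision:
// a classic <script src> runs with the origin of the embedding document.
// corsAllowOrigin models the Access-Control-Allow-Origin response header
// (null = header absent).
function canReadResponse({ documentUrl, scriptUrl, targetUrl, corsAllowOrigin = null }) {
  const requester = originOf(documentUrl); // deliberately not originOf(scriptUrl)
  if (requester === originOf(targetUrl)) return true;
  return corsAllowOrigin === '*' || corsAllowOrigin === requester;
}

// Hypothetical URLs: page served from origin1.foo, script served from origin2.foo.
function runExperiment() {
  const page = {
    documentUrl: 'http://origin1.foo:8000/index.html',
    scriptUrl: 'http://origin2.foo:8000/app.js',
  };
  const onOrigin2 = 'http://origin2.foo:8000/data.json';
  return {
    sameIp: HOSTS['origin1.foo'] === HOSTS['origin2.foo'],
    toOrigin1: canReadResponse({ ...page, targetUrl: 'http://origin1.foo:8000/data.json' }),
    toOrigin2: canReadResponse({ ...page, targetUrl: onOrigin2 }),
    toOrigin2WithCors: canReadResponse({
      ...page, targetUrl: onOrigin2, corsAllowOrigin: 'http://origin1.foo:8000',
    }),
    otherPort: canReadResponse({ ...page, targetUrl: 'http://origin1.foo:9000/data.json' }),
  };
}

console.log(runExperiment());
```
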