Talk:Same origin policy

From Wikipedia, the free encyclopedia

[edit] Cookies

Cookies have been 'per domain' ever since Netscape introduced them. Is this also an example of 'same origin policy'? --AndersFeder 16:53, 23 February 2007 (UTC)

[edit] Port

The article previously said the Internet Explorer doesn't pay attention to port. However, in my tests, Internet Explorer does pay attention to port. It may be that setting document.domain gets around this; however, setting document.domain gets around the same-domain restrictions too, so it isn't really fair to say that IE cares about domains but not ports. Rulesdoc (talk) 23:17, 2 April 2008 (UTC)

[edit] Overcoming access restriction

The same-origin policy does not apply to HTML files run from the local filesystem. This makes it possible for a locally-run HTML file to, for instance, perform any given HTTP request.

From my experiment (firefox 1.0.7, IE5), html files run in local filesystem can perform http request, but can't access data returning from that request. Morever, html files run in non-local can still perform any http request, but just can't access data. --Ans (talk) —Preceding comment was added at 09:28, 9 May 2008 (UTC)