Reputation: 3042
same origin policy in javascript
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.min.js"></script>
Here also we are acessing a resource from another domain.
But here we didnt get any problem due to same origin policy. So, does the script tag capable of accessing the resource from other domin?
Upvotes: 0
Views: 312
Answers (4)
Reputation: 22461
Yes, it is capable. Because <script> tag's functionality is limited to only loading what can be interpreted as JavaScript and you have no other options to parse received answer except to automatically run it, it doesn't share many security concerns associated with AJAX request that would be able to run arbitrary request and process data in arbitrary way if not for SOP.
Upvotes: 1
Reputation: 438
sources for script tags, like image tags and other resources can be hosted on external domains, the same origin policy applies to making XMLHTTPRequests, (ajax, json, etc)
Upvotes: 1
Reputation: 24815
The SCRIPT tag is HTML, and really has nothing to do with JavaScript on it's own. Just like the IMG tag, it has nothing to do with same origin policy
As soon as you start using JavaScript, you will get some origin policy issues, and then you'll need headers() on the API side, or JSONP
Upvotes: 2
Reputation: 40488
You can include script files from almost any domain. But you cannot load files from different domains inside your script files.
Upvotes: 1
Related Questions
- Same origin policy
- How Same-origin policy works?
- Same origin policy - still not getting it
- Same-origin policy is for what
- Same origin policy and the DOM
- Same-origin policy workaround using document.domain in Javascript
- document.domain same origin policy not working
- java script and same origin policy confusion
- Same origin policy, external script
- Javascript security / cross scripting on same server