What is considered a cross-origin request

Question

So I've been trying to connect my javascript webapp to github's API via a server proxy (to hide the client_secret) but I noticed that while I can make HTTP requests (GET,POST etc), I'm not able to do them through my webapp. The server resides in the following url: http://mydomain.com:3000 while my webapp is at http://mydomain.com. When I'm trying to use JQuery's $.ajax to do a POST, I'm getting the following error:

No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://mydomain.com' is therefore not allowed access.

So my question is whether a request to a different port but in the same domain name is considered a cross-origin request

monsur · Accepted Answer

Yes, a request to the same host but on a different port is considered a cross-origin request.

The "origin" in the term "cross-origin" is defined as the scheme, host, and port of a url. For example, in the url https://mydomain.com:3000/foo/bar, the scheme is "https", the host is "mydomain.com" and the port is "3000".

In order for a request to be a same-origin request, the origin (aka the scheme, host and port) must match. All other requests are considered cross-origin. Wikipedia has a great table showing examples of same- and cross-origin requests: http://en.wikipedia.org/wiki/Same-origin_policy#Origin_determination_rules

What is considered a cross-origin request

Answers (2)

Related Questions