Reputation: 326
What triggers cross-domain violation when AJAX request?
I was asked a question below and cannot find the answer. I looked up similar posts, but many posts (like this) ended up talking about cross-origin, not cross-domain. What is the answer to the below question?
Q: Assume you are working on a webpage at http://example.com/path/to/foo.html. if you were to send an AJAX request to the following URLs, which one would NOT trigger a cross-domain violation?
A: http://example.com/bar
B: https://example.com/path/to/bar.html
C: https://example.com:80/bar
D: http://www.example.com/bar
E: C and D
Thank you in advance.
UPDATE:
Originally, I came across a website saying there is a 'Cross-domain violation' which is different from 'CORS' since 'origin' and 'domain' points different part. That's why I have been looking for the definition of 'cross-domain violation'. But it was actually the same as 'same-origin policy', as the answer below shows.
Upvotes: 0
Views: 1474
Answers (1)
Reputation: 1033
Due to this:
A resource is cross-origin when it's located at a different (sub)domain, protocol, or port!
You should also use exact match host so http://www.example.com/bar doesn't work out.
Take a look at this to see more examples.
You should not get CORS in the A option.
And also this article fully describing CORS.
Upvotes: 1
Related Questions
- jQuery ajax request being block because Cross-Origin
- Cross-Domain AJAX doesn't send X-Requested-With header
- CORS request failing only when requesting the same resource from another domain
- Why do browser blocks specific Ajax requests?
- Cross domain AJAX requests are not being blocked: is this a security vulnerability?
- Disable cross-domain ajax request
- Why are AJAX requests limited to same domain?
- Ajax Cross domain request to non-controlled domain
- What makes cross domain ajax insecure?
- Who blocks cross domain AJAX request browser or webserver or both?