The origin of some web content is defined by the scheme (protocol), host (domain), and port of the URL used to access it. Two objects have the same origin only when the scheme, host, and port match.
Some operations are restricted to same-origin content, and this restriction can be lifted using CORS.
Examples of same origin
https://example.com/app1/index.html https://example.com/app2/index.html |
same origin because same scheme (http ) and host (example.com ) |
https://Example.com:80 https://example.com |
same origin because a server delivers HTTP content through port 80 by default |
Examples of different origin
https://example.com/app1 https://example.com/app2 |
different schemes |
https://example.com https://www.example.com https://myapp.example.com |
different hosts |
https://example.com https://example.com:8080 |
different ports |
Learn more
See Same-origin policy for more information.