From 4f7ce44136224dd9f9662824a503b415f416c8cb Mon Sep 17 00:00:00 2001 From: jbranchaud Date: Fri, 1 Jan 2021 23:33:42 -0600 Subject: [PATCH] Add What Counts As Cross-Origin With CORS? as an HTTP til --- README.md | 7 +++++- http/what-counts-as-cross-origin-with-cors.md | 22 +++++++++++++++++++ 2 files changed, 28 insertions(+), 1 deletion(-) create mode 100644 http/what-counts-as-cross-origin-with-cors.md diff --git a/README.md b/README.md index b010cab..26a40ce 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ pairing with smart people at Hashrocket. For a steady stream of TILs, [sign up for my newsletter](https://tinyletter.com/jbranchaud). -_989 TILs and counting..._ +_990 TILs and counting..._ --- @@ -27,6 +27,7 @@ _989 TILs and counting..._ * [Git](#git) * [Go](#go) * [HTML](#html) +* [HTTP](#http) * [Internet](#internet) * [JavaScript](#javascript) * [jq](#jq) @@ -300,6 +301,10 @@ _989 TILs and counting..._ - [Render Text As Superscript](html/render-text-as-superscript.md) - [Submit A Form With A Button Outside The Form](html/submit-a-form-with-a-button-outside-the-form.md) +### HTTP + +- [What Counts As Cross-Origin With CORS?](http/what-counts-as-cross-origin-with-cors.md) + ### Internet - [Add Emoji To GitHub Repository Description](internet/add-emoji-to-github-repository-description.md) diff --git a/http/what-counts-as-cross-origin-with-cors.md b/http/what-counts-as-cross-origin-with-cors.md new file mode 100644 index 0000000..d8af310 --- /dev/null +++ b/http/what-counts-as-cross-origin-with-cors.md @@ -0,0 +1,22 @@ +# What Counts As Cross-Origin With CORS? + +When it comes to HTTP, an +[origin](https://developer.mozilla.org/en-US/docs/Glossary/origin) is defined +by several different aspects of the URL. This is important for understanding +what qualifies as _same_ and _cross_-origin when dealing with +[CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) (Cross-Origin +Resource Sharing). + +For something to be _same-origin_, it must have the same scheme (HTTP/HTTPS), +the same host, and the same port. If any one of the scheme, host (including +subdomains), or port is different, then it is not _same-origin_. + +Here are some examples of different origins: + +- `https://example.com` vs `http://example.com` (different scheme) +- `https://example.com` vs `https://sub.example.com` (different host) +- `https://example.com:3000` vs `https://example.com:5000` (different port) + +As long as the scheme, host, and port match, they are the same origin. The path +(everything following the origin) doesn't factor into the question of same +origin.