The same origin security policy of browsers - Client/server communication
What is it?
It is a defective security mechanism that constrains components such as objects
and pages in a browser to connecting only with the server (domain) that delivered
the base page.
What is this demo?
This demo shows a page that contains two iframes and a div loaded from different domains:
- the parent/top frame, say A (the frame containing this text), is loaded from coolshare.com
- the first iframe, say B, is loaded from coolshare.com too
- the second iframe, say C, is loaded from markqian.com
- a div in A, say D, is loaded from coolshare.com
There are buttons below where you can make calls to different servers.
As you can see, it is always "the same origin".
B loaded as http://www.coolshare.com/html/downld_p.htm initially, the same as the parent frame
C loaded as http://markqian.com/RemoteScriptGuru/html/dynamic_script/load_test3.html initially, different from the parent frame
A div, D, in top frame A
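
The origin comparison behind this demo, as an added example (not code from the demo itself): it decides which of the frames A, B and C share an origin, and shows that scheme, host and port all take part in the comparison while the path does not. The URLs for B and C are the ones given above; the parent URL for A and the edge-case URLs are assumptions constructed for illustration. D is a div inside A, so it has A's origin.

```javascript
// Added example. B and C are the frame URLs from the page; A's full URL is
// not given on the page, so the value below is an assumed placeholder.
const FRAMES = {
  A: "http://www.coolshare.com/index.html", // assumed parent URL
  B: "http://www.coolshare.com/html/downld_p.htm",
  C: "http://markqian.com/RemoteScriptGuru/html/dynamic_script/load_test3.html",
};

const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// An origin is the (scheme, host, port) triple; the path is not part of it.
function originOf(url) {
  const u = new URL(url);
  return {
    scheme: u.protocol,
    host: u.hostname.toLowerCase(),
    // URL drops an explicit default port, so fill it back in for comparison.
    port: u.port || DEFAULT_PORTS[u.protocol] || "",
  };
}

function sameOrigin(a, b) {
  const x = originOf(a), y = originOf(b);
  return x.scheme === y.scheme && x.host === y.host && x.port === y.port;
}

// For every pair of frames: do they share an origin, i.e. may one read the other?
function accessMatrix(frames) {
  const out = {};
  for (const [from, fromUrl] of Object.entries(frames)) {
    out[from] = {};
    for (const [to, toUrl] of Object.entries(frames)) {
      out[from][to] = sameOrigin(fromUrl, toUrl);
    }
  }
  return out;
}

console.table(accessMatrix(FRAMES));

// Constructed edge cases, each compared against the parent frame A.
const EDGE_CASES = [
  "http://coolshare.com/",                  // different host (no "www")
  "https://www.coolshare.com/",             // different scheme
  "http://www.coolshare.com:8080/",         // different port
  "http://WWW.COOLSHARE.COM:80/other/path", // same origin: case, default port, path ignored
];
for (const url of EDGE_CASES) console.log(sameOrigin(FRAMES.A, url), url);
```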