
Web Security

Same-origin policy & Cross-Origin Resource Sharing

  • Definition of an origin (RFC6514, Section 4)
    • the protocol (URI scheme)
    • the port (port number)
    • the host (host name)
  • Why:
  • Inherited origins
  • IE Exceptions
  • Change origin: set document.domain to its current domain or a superdomain of its current domain
  • The same-origin policy controls interactions of 3 categories:
    • Cross-origin writes
    • Cross-origin embedding
    • Cross-origin reads
  • Relaxing the same-origin policy
    • document.domain
    • CORS
    • Cross-document messaging
    • JSONP
    • WebSockets
  • Broadly, one origin is permitted to send information to another origin, but one origin is not permitted to receive information from another origin. (W3C: Same Origin Policy)
  • Cross-Origin Resource Sharing (CORS)
    • Whatwg: Fetch Spec
    • uses additional HTTP headers to tell a browser to …
      • a new Origin request header, which cannot be changed programmatically
      • a new Access-Control-Allow-Origin response header
  • References
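The two points above (an origin is the scheme/host/port triple, and CORS works by the browser sending an `Origin` header that page script cannot change while the server answers with `Access-Control-Allow-Origin`) can be shown in one small piece of code. The following is an added example written for these notes, not code from the notes or from any specification text: `originOf`, `sameOrigin` and `corsHeadersFor` are assumed helper names, the allowlist is assumed to be server configuration, and the request headers are constructed inline. It runs in Node or a browser using only the WHATWG `URL` API.

```javascript
// Added example: origin comparison per the scheme/host/port triple, plus a
// server-side CORS allowlist check. Function names and the allowlist are
// assumptions for illustration, not part of any library.

// Parse a URL into its origin triple. Default ports are normalized so that
// "https://example.com" and "https://example.com:443" compare equal, which
// matches the serialized-origin behaviour of the URL standard.
function originOf(urlString) {
  const u = new URL(urlString);
  const defaults = { "http:": "80", "https:": "443", "ws:": "80", "wss:": "443" };
  const port = u.port === "" ? (defaults[u.protocol] || "") : u.port;
  return { scheme: u.protocol.replace(/:$/, ""), host: u.hostname, port };
}

// Two URLs share an origin only if all three components match; a different
// subdomain, scheme or port is a distinct origin.
function sameOrigin(a, b) {
  const x = originOf(a);
  const y = originOf(b);
  return x.scheme === y.scheme && x.host === y.host && x.port === y.port;
}

// An opaque origin ("null") or a malformed Origin value never matches.
function originsMatch(allowed, origin) {
  try {
    return sameOrigin(allowed, origin);
  } catch (e) {
    return false;
  }
}

// Server-side CORS decision. `requestHeaders` is a lower-cased header map
// (constructed in the usage below); `allowedOrigins` is an explicit
// allowlist of serialized origins (assumed configuration).
// Returns the response headers to emit, or {} when the requesting origin
// is not allowed, in which case the browser blocks the cross-origin read.
//  - The Origin header is set by the browser, so comparing it against an
//    allowlist is sound; the echoed value is only ever an allowlisted origin.
//  - "*" is accepted only for credential-less public resources: browsers
//    reject "*" combined with Access-Control-Allow-Credentials: true, so
//    that configuration is refused here instead of silently shipped.
//  - "Vary: Origin" stops a shared cache from serving one origin's CORS
//    response to another origin.
function corsHeadersFor(requestHeaders, allowedOrigins, { credentials = false } = {}) {
  const origin = requestHeaders["origin"];
  if (typeof origin !== "string") return {}; // same-origin or non-browser request

  let allowValue = null;
  if (allowedOrigins.includes("*")) {
    if (credentials) throw new Error("'*' cannot be combined with credentials");
    allowValue = "*";
  } else if (allowedOrigins.some((o) => originsMatch(o, origin))) {
    allowValue = origin;
  }
  if (allowValue === null) return {};

  const headers = { "Access-Control-Allow-Origin": allowValue, "Vary": "Origin" };
  if (credentials) headers["Access-Control-Allow-Credentials"] = "true";
  return headers;
}

// Usage with a constructed request: an allowlisted app origin gets its own
// origin echoed back; any other origin gets no CORS headers at all.
const ALLOWED = ["https://app.example.com"]; // constructed allowlist
console.log(corsHeadersFor({ origin: "https://app.example.com" }, ALLOWED));
console.log(corsHeadersFor({ origin: "https://other.example" }, ALLOWED));
```

The allowlist is compared with `sameOrigin` rather than string equality, so `https://app.example.com:443` in the configuration still matches the browser's `https://app.example.com`, while `http://app.example.com` or `https://api.app.example.com` does not.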

The difference between browserHistory and hashHistory


Modules (Require.js, ES6 Module, Common.js Module)


Event Loop: setTimeout / nextTick

Differences between HTTP methods

Differences between doctypes


Difference between null and undefined

  • they are both JavaScript primitive values; variables that aren’t


Interview Collections