Overview#
Web Origin is described in RFC 6454: roughly speaking, two URIs are part of the same Web Origin (i.e., represent the same principal) if they have the same URI Scheme, hostname, and port.

Web Origin is a concept, and both a Security Consideration and a Privacy Consideration, which sets the Security Domain and the Trust level for the current transaction.

In this context, "other origins" means the URL being accessed differs from the location that the JavaScript is running from, by having:
- a different scheme (HTTP or HTTPS)
- a different DNS Domain (hostname)
- a different port

Web Origin is the HTTP Request Header "Origin".

The HTTP Request Header field has the following syntax (RFC 6454 section 7.1):
- origin = "Origin:" OWS origin-list-or-null OWS
- origin-list-or-null = %x6E %x75 %x6C %x6C / origin-list
- origin-list = serialized-origin *( SP serialized-origin )
- serialized-origin = scheme "://" host [ ":" port ] ; <scheme>, <host>, <port> from RFC 3986

Web Origin is used in the Fetch API as defined by WHATWG.
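
An added example (not code from RFC 6454 or from this page): a JavaScript parser for the Origin field value that follows the syntax above, with an allowlist check that compares scheme, host and port exactly. The function names, the default-port table, the simplified host pattern (no IPv6 literals) and the `.test` hostnames are assumptions made for illustration.

```javascript
// Default ports (assumption: only http/https matter here), so that
// "https://a.test" and "https://a.test:443" compare as the same origin.
const DEFAULT_PORTS = new Map([["http", 80], ["https", 443]]);

// serialized-origin = scheme "://" host [ ":" port ]
// Simplified host rule (assumption): DNS names or IPv4 only, no IPv6 literals.
const SERIALIZED_ORIGIN = /^([a-z][a-z0-9+.-]*):\/\/([a-z0-9.-]+)(?::(\d{1,5}))?$/i;

function parseSerializedOrigin(text) {
  const m = SERIALIZED_ORIGIN.exec(text);
  if (!m) throw new SyntaxError(`not a serialized-origin: ${JSON.stringify(text)}`);
  const scheme = m[1].toLowerCase();
  const host = m[2].toLowerCase();
  const port = m[3] !== undefined ? Number(m[3]) : (DEFAULT_PORTS.get(scheme) ?? null);
  if (port !== null && port > 65535) throw new SyntaxError("port out of range");
  return { scheme, host, port };
}

// origin-list-or-null: [] for the literal "null", otherwise a list of triples.
function parseOriginHeader(value) {
  const v = value.trim();                          // optional whitespace around the value
  if (v === "null") return [];                     // %x6E %x75 %x6C %x6C, lowercase only
  return v.split(" ").map(parseSerializedOrigin);  // origin-list is SP-separated
}

// Same origin means all three components are equal, never a prefix or suffix match.
function sameOrigin(a, b) {
  return a.scheme === b.scheme && a.host === b.host && a.port === b.port;
}

// Accept only a header carrying exactly one well-formed origin that is on the allowlist.
function isAllowedOrigin(headerValue, allowlist) {
  let origins;
  try {
    origins = parseOriginHeader(headerValue);
  } catch {
    return false;                                  // malformed value: reject
  }
  if (origins.length !== 1) return false;          // "null" or several origins: reject
  return allowlist.map(parseSerializedOrigin).some((o) => sameOrigin(o, origins[0]));
}
```

Comparing parsed components rather than strings is what makes a lookalike host such as `app.example.test.other.test` fail the check.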
More Information#
There might be more information for this subject on one of the following:
- Cross Origin Resource Sharing
- Fetch API
- HTTP Request Header
- Protocol Server
- RFC 6454
- Same Origin Policy
- Same-site Cookies
- Web Origin
- [#1] - RFC 6454 - based on information obtained 2017-04-23
- [#2] - 7.5 Origin - based on information obtained 2020-02-01