Same origin policy

In computing, the same origin policy is an important security concept for a number of browser-side programming languages, such as JavaScript. The policy permits scripts running on pages originating from the same site to access each other’s methods and properties with no specific restrictions, but prevents access to most methods and properties across pages on different sites.

The concept of same origin policy is often extended to define roughly compatible security boundaries for other web scripting languages, such as Adobe Flash, or for mechanisms other than direct DOM manipulation, e.g. XMLHttpRequest (Ajax).
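The "same site" test described above is, in browsers, a comparison of the scheme, host and port of two URLs (RFC 6454). The following is an added example, not code from the original page; the function names and all URLs are constructed for illustration. It reports which component makes two pages cross-origin.

```javascript
// Added example: an origin is the (scheme, host, port) triple of a URL (RFC 6454).
// Function names and URLs are constructed for illustration.

const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Return the origin triple, or null for opaque origins (data:, file:, ...),
// which the URL parser serializes as the string "null".
function originTriple(urlString) {
  const u = new URL(urlString); // lowercases the host, drops default ports
  if (u.origin === "null") return null;
  return {
    scheme: u.protocol,
    host: u.hostname,
    port: u.port || DEFAULT_PORTS[u.protocol] || "",
  };
}

// Name the first component that differs, "same" when the origins match,
// or "opaque" when either side has no comparable origin.
function compareOrigins(a, b) {
  const oa = originTriple(a);
  const ob = originTriple(b);
  if (oa === null || ob === null) return "opaque";
  for (const part of ["scheme", "host", "port"]) {
    if (oa[part] !== ob[part]) return part;
  }
  return "same";
}

// Constructed sample: the page running the script, and pages it tries to reach.
const page = "http://www.example.com/dir/page.html";
const targets = [
  "http://www.example.com/other/app.html",     // path is not part of the origin
  "http://WWW.EXAMPLE.COM:80/x",               // host case and default port normalize
  "https://www.example.com/dir/page.html",     // different scheme
  "http://api.example.com/dir/page.html",      // different host (subdomain)
  "http://www.example.com:8080/dir/page.html", // different port
  "data:text/html,<p>hi</p>",                  // opaque origin
];
for (const t of targets) {
  console.log(compareOrigins(page, t).padEnd(7), t);
}
```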

The most popular ways to do cross-domain calls via JavaScript are:

  • proxies: the most common approach (your script calls your server, your server makes the call to the remote server and then returns the result back to the client)
  • JSON: callback (the remote server needs to accept an additional parameter: a callback function)
  • Flash: bridge (Flash can enable the capability of remote access by placing a special XML policy-file on the remote server to accept requests from other domains)