Top "Same-origin-policy" questions

The same origin policy, which is enforced by Web browsers, limits JavaScript in a document loaded from one origin from accessing data from another origin.

SecurityError: Blocked a frame with origin from accessing a cross-origin frame

I am loading an <iframe> in my HTML page and trying to access the elements within it using …

javascript jquery security iframe same-origin-policy
jQuery/JavaScript: accessing contents of an iframe

I would like to manipulate the HTML inside an iframe using jQuery. I thought I'd be able to do this …

javascript jquery iframe same-origin-policy
Ways to circumvent the same-origin policy

The same origin policy I wanted to make a community wiki regarding HTML/JS same-origin policies to hopefully help anyone …

javascript ajax same-origin-policy
Disable-web-security in Chrome 48+

I have a problem with the --disable-web-security flag. It is not working in Chrome 48 and Chrome 49 beta on Windows. I've …

google-chrome security same-origin-policy
Disable firefox same origin policy

I'm developing a local research tool that requires me to turn off Firefox's same origin policy (in terms of script …

security firefox same-origin-policy
XMLHttpRequest cannot load XXX No 'Access-Control-Allow-Origin' header

tl;dr; About the Same Origin Policy I have a Grunt process which initiates an instance of express.js server. …

javascript cors same-origin-policy
How do I use Access-Control-Allow-Origin? Does it just go in between the html head tags?

I've been reading about Access-Control-Allow-Origin because it seems effective at allowing cross domain requests since I have access to the …

html cross-domain same-origin-policy access-control cors
Catch error if iframe src fails to load . Error :-"Refused to display 'http://www.google.co.in/' in a frame.."

I am using Knockout.js to bind iframe src tag(This will be configurable with respect to User). Now, if …

jquery iframe knockout.js same-origin-policy
Cross Domain Form POSTing

I've seen articles and posts all over (including SO) on this topic, and the prevailing commentary is that same-origin policy …

html security http csrf same-origin-policy