Same Origin Policy

The Same Origin Policy is a security feature found in the JavaScript implementation of most browsers, as well as in other technologies used in a browser, e.g. Flash. It allows you to make requests to pages within the same site/domain, while preventing you from making requests to pages on a different domain, on another subdomain or through a different protocol. Since this is a part of JavaScript, it's also a part of jQuery, as you will see if you try to do an AJAX call to a page on another domain: it's simply not possible. There are certain hacks and workarounds to circumvent the Same Origin Policy, but they usually don't work in all browsers or have other problems.
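The comparison described above can be reproduced outside the browser. The following is an added example, not code from the original tutorial: it uses the standard `URL` class to report which part of a request target differs from the page's origin. It goes slightly beyond the text by also comparing the port, which is part of the origin as well. The function names and all URLs are assumptions made for illustration.

```javascript
// Added example: compare the page's origin with a request target.
// All URLs below are constructed sample values.

// Break a URL into the three parts the browser compares.
// `base` lets relative targets resolve against the page, as an AJAX call would.
function originParts(url, base) {
  const u = new URL(url, base);
  return {
    protocol: u.protocol, // "http:" or "https:"
    host: u.hostname,     // compared exactly: a subdomain is a different host
    port: u.port,         // "" when the scheme's default port is used
  };
}

// Return whether the target is same-origin and, if not, which parts differ.
function compareOrigins(pageUrl, targetUrl) {
  const page = originParts(pageUrl);
  const target = originParts(targetUrl, pageUrl);
  const differences = ["protocol", "host", "port"].filter(
    (part) => page[part] !== target[part]
  );
  return { sameOrigin: differences.length === 0, differences };
}

const PAGE = "http://www.example.com/articles/index.html";
const SAMPLE_TARGETS = [
  "/data/list.json",
  "http://www.example.com:80/data/list.json",
  "http://api.example.com/data/list.json",
  "http://www.example.org/data/list.json",
  "https://www.example.com/data/list.json",
  "http://www.example.com:8080/data/list.json",
];

for (const target of SAMPLE_TARGETS) {
  const { sameOrigin, differences } = compareOrigins(PAGE, target);
  const verdict = sameOrigin
    ? "same origin"
    : "cross-origin (" + differences.join(", ") + " differs)";
  console.log(target + " -> " + verdict);
}
```

Only the first two targets are same-origin: a relative path stays on the page's own origin, and an explicit `:80` is the default port for `http`.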

However, sometimes you really do need to make requests to a page on a different domain, especially in cases where you own both domains or when the owner of the secondary domain would like you to access the page. Fortunately, the JSONP standard allows us to do just this, and while it's also a bit of a hack that would require quite a bit of effort to use within JavaScript, jQuery supports this very elegantly, allowing you to do JSONP based calls just as easily as a regular AJAX call. In fact, you can change the get() or post() call to be JSONP based simply by stating that you would like the return type to be "json".

JSON, short for JavaScript Object Notation, is a data notation, a bit like XML, allowing you to transfer structured data easily, usually over a network connection. Despite the fact that it was originally intended for use with JavaScript, a lot of other programming languages support it out of the box as well, allowing you to easily output arrays and objects in the JSON format.

In the next chapter, we will create an example where we use the JSONP technique to request a file on a different subdomain.