What is it

Origin is defined by:

• scheme (protocol)
• hostname (domain)
• port (if specified)

All three needs to be identical to be considered a same origin

• also referenced as the scheme/host/port tuple

Subpath does not matter

Subpaths of a URL does not contribute to the origin:

# same origin
http://example.com/app1/index.html
http://example.com/app2/index.html

What doesn't matter:

• /app1/index.html
• /app2/index.html

What matters:

• http:// is the scheme
• example.com is the host name
• port is omitted so both default to 80 and identical

Ports

Default Port is 80.

• Not specifying a port defaults to 80.

# port to 80
http://example.com:80
# default port is 80
http://example.com

Schemes

Different schemes are different origins:

# different protocol, different origins
http://example.com/app1
https://example.com/app1

• http and https are different protocols/schemes

Hostnames

Subdomains are different host names:

# different origins
http://example.com
http://www.example.com
http://myapp.example.com