Same-Origin Policy

Status: public · Confidence: medium (0.865) · Basis: verified_sources

## TL;DR

The same-origin policy is a browser security boundary around documents, scripts, and cross-origin resources. This article is anchored to the MDN and WHATWG origin definitions.

## Core Explanation

Origins are compared by scheme, host, and port. Same-origin policy limits cross-origin interaction by default, while CORS lets servers explicitly authorize selected cross-origin HTTP access.
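
The comparison and the server-side CORS decision described above, as an added example that is not taken from MDN or the HTML Standard. The function names, `ALLOWED_ORIGINS`, and the `example.com` hosts are assumptions constructed for illustration.

```javascript
// Return the (scheme, host, port) tuple for a URL, or null when the
// input is unparseable or its origin is opaque (data:, file:, ...).
function originTuple(input) {
  let url;
  try {
    url = new URL(input);
  } catch {
    return null; // unparseable input never matches anything
  }
  // The URL API serializes opaque origins as the string "null".
  if (url.origin === "null") return null;
  const defaults = { "http:": "80", "https:": "443", "ws:": "80", "wss:": "443" };
  // url.port is "" when the scheme's default port is in use; make it explicit.
  const port = url.port || defaults[url.protocol] || "";
  return { scheme: url.protocol, host: url.hostname, port };
}

function sameOrigin(a, b) {
  const x = originTuple(a);
  const y = originTuple(b);
  // Two separately parsed opaque origins are treated as different.
  if (!x || !y) return false;
  return x.scheme === y.scheme && x.host === y.host && x.port === y.port;
}

// Constructed sample allowlist (assumption, not from the page).
const ALLOWED_ORIGINS = ["https://app.example.com", "https://admin.example.com:8443"];

// Server-side decision: CORS response headers for a request's Origin header.
// Matching is on the full tuple, never on a prefix or substring of the host.
function corsHeaders(requestOrigin) {
  const headers = { Vary: "Origin" }; // the response differs per Origin, so caches must key on it
  if (typeof requestOrigin !== "string") return headers;
  const match = ALLOWED_ORIGINS.find((allowed) => sameOrigin(allowed, requestOrigin));
  // Echo the allowlist entry, not the raw request value.
  if (match) headers["Access-Control-Allow-Origin"] = match;
  return headers;
}
```

An origin that is not on the allowlist gets no `Access-Control-Allow-Origin` header, so the browser keeps the default same-origin restriction in place for that response.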

## Further Reading

- [Same-origin policy - Security | MDN](https://developer.mozilla.org/en-US/docs/Web/Security/Defenses/Same-origin_policy)
- [HTML Standard - Origins](https://html.spec.whatwg.org/multipage/browsers.html#origin)
- [Cross-Origin Resource Sharing (CORS) - HTTP | MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CORS)