I'm trying to simulate the Same Origin Policy on my own laptop for research purposes. I tried the following, but it's not working:
httpd.conf:
...
NameVirtualHost *:80
<VirtualHost *:80>
ServerName www.client.es
DocumentRoot "C:/maestro/desarrollo/Apache Software Foundation/Apache2.2/htdocs/client"
<Directory "C:/maestro/desarrollo/Apache Software Foundation/Apache2.2/htdocs/client">
AllowOverride All
Allow from All
</Directory>
</VirtualHost>
<VirtualHost *:80>
ServerName www.custom.es
DocumentRoot "C:/maestro/desarrollo/Apache Software Foundation/Apache2.2/htdocs/custom"
<Directory "C:/maestro/desarrollo/Apache Software Foundation/Apache2.2/htdocs/custom">
AllowOverride All
Allow from All
</Directory>
</VirtualHost>
...
Now, in order to get the SOP effect I built two different mock sites:
www.client.es/index.htm
...
<html>
...
<script type="text/javascript" src="http://www.custom.es/js/hello.js"></script>
...
</body>
</html>
www.custom.es/js/hello.js
alert("Hello.js: loaded");
Finally, I added the proper lines to etc/hosts:
127.0.0.1 www.custom.es
127.0.0.1 www.client.es
So I can get different mock sites from the browser as if they were real different sites.
The problem is that I was expecting Chrome/Firefox/Explorer/etc. not to be able to get hello.js due to the Same Origin Policy, but everything is served and no error arises when I browse to www.client.es/index.htm.
Any clue? Thanks in advance.
There aren't any restrictions against downloading and executing JavaScript in <script> tags from a different domain. The restrictions are against cross-domain Ajax. What you did will work fine.
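To see the policy take effect with the two mock sites above, the page has to read a cross-origin response instead of embedding it. The following is an added example, not code from the question or the answer: a simplified model of the rule the answer states (non-credentialed GET requests only, ignoring CSP and similar policies), plus a browser-side probe to paste into www.client.es/index.htm. The names isSameOrigin, browserDecision and probeRead are hypothetical.

```javascript
// Added example. PAGE and RESOURCE are the URLs from the question.
const PAGE = "http://www.client.es/index.htm";
const RESOURCE = "http://www.custom.es/js/hello.js";

// An origin is the (scheme, host, port) triple; URL.origin serializes it
// and drops the default port, so :80 on http compares equal to no port.
function isSameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// kind: "script" = embedded with <script src>, "xhr" = read via XMLHttpRequest/fetch.
// acao: value of the Access-Control-Allow-Origin response header, or null if absent.
function browserDecision(pageUrl, resourceUrl, kind, acao = null) {
  if (isSameOrigin(pageUrl, resourceUrl)) return "same-origin";
  // Cross-origin embeds run in the page, but the page cannot read their source.
  if (kind === "script") return "embed-allowed";
  // Cross-origin reads need the other server to opt in through CORS.
  if (acao === "*" || acao === new URL(pageUrl).origin) return "cors-allowed";
  return "read-blocked";
}

// Browser-side probe: try to read the script's text from the other origin.
// For a simple GET the request still reaches Apache and is answered; the
// browser withholds the response from the calling script.
async function probeRead(url) {
  try {
    const res = await fetch(url); // default mode is "cors"
    const body = await res.text();
    return "read " + body.length + " characters";
  } catch (e) {
    return "blocked or failed: " + e.name; // browsers reject with TypeError
  }
}

// Only runs inside a page, e.g. when loaded from www.client.es/index.htm.
if (typeof document !== "undefined") {
  probeRead(RESOURCE).then((result) => console.log("cross-origin read:", result));
}
```

With the Apache configuration from the question, which sends no Access-Control-Allow-Origin header, the probe reports the read as blocked while the <script> include keeps working.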