what is the difference between http://www.website.com and http://website.com?

Question

consider i have created a website and have a web directory like this...

1.index.php

2.ajax.php

In index.php coding.. i use

<html>
....
<base href="http://website.com">
....
....
<script> <!-- using jquery -->
.... 
$.ajax({
        url:'ajax.php',
        type:'POST',
        data:{ 'variable': value  },
        success: function(res){
        ....
        ....    
        }
    });  
....
</script>

when i run above code it works fine... but when i add "www" in base element href attribute, like this...

<base href="http://www.website.com">

its not working why?, it show error like this in javascript..

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://example.com/ajax.php. This can be fixed by moving the resource to the same domain or enabling CORS.

now i have question?

what is the real problem?
what should i do to make both base element code should run?
what is CORS enabling?
if i enable CORS, anyone from other website can able to access my site?

I would appreciate if some one could assist me, thanks in advance...

One has the www subdomain and so it is treated as cross origin by the looks of it. — gratz, Dec 11 '14 at 12:35

score 3 · Accepted Answer · answered Dec 11 '14 at 12:37

what is the difference between http://www.website.com and http://website.com?

They have different hostnames and are (technically) different websites. They could host different content, but probably don't.

what is the real problem?

Different hostnames are different origins. Browsers do not let JavaScript running in a page on one origin read content from another origin unless permission is given with CORS.

what should i do to make both base element code should run?

Pick one of the two hostnames to be canonical. Configure the server so the non-canonical one issues a 301 HTTP redirect to the canonical one.

While you are at it, stop using <base>. It is far more pain than it is worth, and almost everything good about it can be achieved by using URLs that are relative to the server root (i.e. URLs that begin with a / character).

what is CORS enabling?

Configuring the server to send HTTP headers that give the browser permission to share your site's data with other sites.

See MDN for more.

if i enable CORS, anyone from other website can able to access my site?

You can specify global access or limit it to specific origins.

score 0 · Answer 2 · answered Dec 11 '14 at 12:36

Well basically, "www." is a subdomain which isn't technically the same as the root directory. You could have an entirely different website running on the subdomain "www.", although most hosting providers have their DNS automatically setup to redirect the subdomain "www." to the root folder (or the other way around). You can do this yourself using a .htaccess file with the following content:

RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]

what is the difference between http://www.website.com and http://website.com?

2 Answers2