0

I was asked a question below and cannot find the answer. I looked up similar posts, but many posts (like this) ended up talking about cross-origin, not cross-domain. What is the answer to the below question?

Q: Assume you are working on a webpage at http://example.com/path/to/foo.html. if you were to send an AJAX request to the following URLs, which one would NOT trigger a cross-domain violation?

A: http://example.com/bar

B: https://example.com/path/to/bar.html

C: https://example.com:80/bar

D: http://www.example.com/bar

E: C and D

Thank you in advance.

UPDATE: Originally, I came across a website saying there is a 'Cross-domain violation' which is different from 'CORS' since 'origin' and 'domain' points different part. That's why I have been looking for the definition of 'cross-domain violation'. But it was actually the same as 'same-origin policy', as the answer below shows.

Chi
  • 276
  • 1
  • 8
  • 20
  • What are you referring to by "cross-domain violation"? Are you asking which cross-origin requests trigger a preflight request? If so, check out https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#preflighted_requests – jub0bs Jan 14 '22 at 09:08
  • This question is specifically asking 'cross-domain violation'. – Chi Jan 14 '22 at 16:44
  • And I'm asking what you mean by that term. It's not clear to me. – jub0bs Jan 14 '22 at 17:07
  • Me neither. That's why I am asking here. – Chi Jan 14 '22 at 17:11
  • Where did you come across the term in the first place? – jub0bs Jan 14 '22 at 20:03
  • 1
    Poor wording on their part, esp. if you couldn't ask for clarification. That term isn't standard, but I'm guessing it refers to a request that would violate the Same-Origin Policy, which can be selectively relaxed using CORS. – jub0bs Jan 14 '22 at 20:17

1 Answers1

1

Due to this:

A resource is cross-origin when it's located at a different (sub)domain, protocol, or port!

You should also use exact match host so http://www.example.com/bar doesn't work out.

Take a look at this to see more examples.

You should not get CORS in the A option.

And also this article fully describing CORS.

sajjad rezaei
  • 945
  • 1
  • 10
  • 23
  • "A resource is cross-origin when it's located at a different (sub)domain, protocol, or port!" Where does this quote come from? I found that if 'cross origin' violation, it restricts http and https, so answer can be A and D. But the 'cross domain' restriction doesn't care...And I am still confused what the 'cross-domain violation' then...Also, there should be only 1 answer. – Chi Jan 17 '22 at 07:46
  • @Chi Thanks, I update the answer. the quote is ok and works well as Wikipedia said: "{scheme, host, port}" the schema is the protocol. take a look at [this](https://en.wikipedia.org/wiki/Same-origin_policy#Origin_determination_rules) which may be helpfull. – sajjad rezaei Jan 17 '22 at 20:43
  • Thank you! This link is the clearest I've ever seen! – Chi Jan 17 '22 at 22:37