The same-origin policy exists for security: it ensures that the resources of an application can only be accessed by resources of that same application. Otherwise, anyone could access them. "Same origin" means that the protocol, domain name and port are all the same; even if two different domain names point to the same IP address, they are not same-origin.
The same-origin policy (SOP) is a convention that Netscape introduced into the browser in 1995. It is the core and most basic security function of browsers, and all browsers that support JavaScript now use this policy. Without the same-origin policy, browsers are vulnerable to attacks such as XSS and CSRF.
What is an origin:
1. An origin is the protocol, domain name and port number.
(1) If the protocol, domain name and port number in two addresses are the same, they belong to the same origin.
2. The following same-origin checks are relative to /test/index.html:
(1) /dir/page.html - Success; the default port is 80.
(2) /test/index.html - Failure; different domain name.
(3) /test/index.html - Failure; different protocol.
(4) :8080/test/index.html - Failure; different port number.
(5) /a.js and http://192.168.4.12/b.js - Failure; although the domain name points to the same IP address, the two are not same-origin because the domain names are different.
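
The checks listed above can be reproduced by comparing the (protocol, host, port) tuple of two URLs. This is an added example, not code from the original page; the host names www.example.com and other.example.com are constructed placeholders, and only the address 192.168.4.12 comes from the page.

```javascript
// Added example: same-origin comparison on the (protocol, host, port) tuple.
// Host names are constructed placeholders; only 192.168.4.12 is from the page.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Break a URL into the three components that define its origin.
function originTuple(href) {
  const u = new URL(href);
  return {
    protocol: u.protocol,
    host: u.hostname.toLowerCase(),
    // URL.port is "" when the port is the scheme default, so fill it in
    // explicitly: "no port given" and ":80" must compare equal for http.
    port: u.port || DEFAULT_PORTS[u.protocol] || "",
  };
}

// Return { sameOrigin, differs }; differs names the mismatching components.
function compareOrigins(a, b) {
  const x = originTuple(a);
  const y = originTuple(b);
  const differs = ["protocol", "host", "port"].filter((k) => x[k] !== y[k]);
  return { sameOrigin: differs.length === 0, differs };
}

const BASE = "http://www.example.com/test/index.html"; // constructed base URL
const CASES = [
  "http://www.example.com/dir/page.html",        // same origin, implicit port 80
  "http://www.example.com:80/dir/page.html",     // same origin, explicit port 80
  "http://other.example.com/test/index.html",    // different domain name
  "https://www.example.com/test/index.html",     // different protocol
  "http://www.example.com:8080/test/index.html", // different port
  "http://192.168.4.12/b.js",                    // IP literal: host string differs
];

for (const target of CASES) {
  const { sameOrigin, differs } = compareOrigins(BASE, target);
  const verdict = sameOrigin ? "same origin" : "different: " + differs.join(", ");
  console.log(target + " -> " + verdict);
}
```

The comparison is on the host string only and performs no DNS lookup, which is why the IP address case fails even when the domain name resolves to that address. Switching from http to https also changes the default port, so that case reports both protocol and port as different.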