Merge pull request #687 from nickfreemandesign/patch-1
minor language fixes to readme
This commit is contained in:
Ilya Kantor
GitHub
commit
b8de609ace
1 changed files with 1 additions and 1 deletions
|
|
@ -26,7 +26,7 @@ The "Same Origin" policy states that:
|
||||||
- if we have a reference to another window, e.g. a popup created by `window.open` or a window inside `<iframe>`, and that window comes from the same origin, then we have full access to that window.
|
- if we have a reference to another window, e.g. a popup created by `window.open` or a window inside `<iframe>`, and that window comes from the same origin, then we have full access to that window.
|
||||||
- otherwise, if it comes from another origin, then we can't access the content of that window: variables, document, anything. The only exception is `location`: we can change it (thus redirecting the user). But we can't not *read* location (so we can't see where the user is now, no information leak).
|
- otherwise, if it comes from another origin, then we can't access the content of that window: variables, document, anything. The only exception is `location`: we can change it (thus redirecting the user). But we can't not *read* location (so we can't see where the user is now, no information leak).
|
||||||
|
|
||||||
Now let's see how some examples. First, about pages that come from the same origin, and thus there are no limitations. And afterwards we'll cover cross-window messaging that allows to work around the "Same Origin" policy.
|
Now let's see some examples. First, we'll look at pages that come from the same origin and do not conflict with the "Same Origin" policy, and afterwards we'll cover cross-window messaging that allows to work around the "Same Origin" policy.
|
||||||
|
|
||||||
|
|
||||||
````warn header="Subdomains may be same-origin"
|
````warn header="Subdomains may be same-origin"
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue