• ARعربي
  • ENEnglish
  • ESEspañol
  • FAفارسی
  • FRFrançais
  • IDIndonesia
  • ITItaliano
  • JA日本語
  • KO한국어
  • RUРусский
  • TRTürkçe
  • UKУкраїнська
  • ZH简体中文

ما قصد داریم این پروژهٔ متن‌باز را در دسترس همهٔ مردم در سرتاسر دنیا قرار دهیم.

به ترجمهٔ محتوای این آموزش به زبان خودتان کمک کنید/a>.

    نقشه آموزش
    اشتراک گذاری
    • آموزش
    • درخواست‌های شبکه
    • Fetch: Cross-Origin Requests
    بازگشت به درس
    این محتوا تنها در این زبان‌ها موجود است: English, Español, Français, Indonesia, Italiano, 日本語, 한국어, Русский, Türkçe, Українська, 简体中文. لطفاً به ما

    Why do we need Origin?

    اهمیت: 5

    As you probably know, there’s HTTP-header Referer, that usually contains an url of the page which initiated a network request.

    For instance, when fetching http://google.com from http://javascript.info/some/url, the headers look like this:

    Accept: */*
    Accept-Charset: utf-8
    Accept-Encoding: gzip,deflate,sdch
    Connection: keep-alive
    Host: google.com
    Origin: http://javascript.info
    Referer: http://javascript.info/some/url

    As you can see, both Referer and Origin are present.

    The questions:

    1. Why Origin is needed, if Referer has even more information?
    2. Is it possible that there’s no Referer or Origin, or is it incorrect?

    We need Origin, because sometimes Referer is absent. For instance, when we fetch HTTP-page from HTTPS (access less secure from more secure), then there’s no Referer.

    The Content Security Policy may forbid sending a Referer.

    As we’ll see, fetch has options that prevent sending the Referer and even allow to change it (within the same site).

    By specification, Referer is an optional HTTP-header.

    Exactly because Referer is unreliable, Origin was invented. The browser guarantees correct Origin for cross-origin requests.

    • © 2007—2025  Ilya Kantor
    • دربارهٔ پروژه
    • تماس با ما