What is Cross-Origin?

Cross-origin requests occur when a web page tries to access a resource from a different origin (protocol, host, or port).

Such requests are restricted by the browser's Same-Origin Policy (SOP) for security reasons.

What is “Same-Origin”?

Two URLs are considered same-origin if they share:

• Protocol (e.g., http, https)
• Host (domain or subdomain)
• Port (default: 80 for http, 443 for https)

Examples:

<http://example.com:80>     ✅ Same-origin
<http://example.com:8080>   ❌ Different port
<https://example.com>       ❌ Different protocol
<http://api.example.com>    ❌ Different subdomain

If any of these differ between the page origin and the requested resource, it's a cross-origin request, which the browser may block unless allowed via CORS headers.