isSameOrigin does not account for port 80
Reported by Johan Gorter | August 22nd, 2008 @ 06:02 PM | in 1.6.1
The function isSameOrigin returns false when we run our application on port 80. This is because
location.port = '' and this.url contains 80 as a port
We use weblogic behind an iis proxy.
Hope this can be fixed, we have to use evalJS = 'force' for now
Thanks!
Comments and changes to this ticket
-
John-David Dalton August 22nd, 2008 @ 06:13 PM
http://developer.mozilla.org/en/...
if ports are different then it will fail the same origin test.
-
-
John-David Dalton October 5th, 2008 @ 06:51 PM
If 80 is your default port maybe Prototype needs a way to set that.
-
John-David Dalton August 22nd, 2008 @ 06:38 PM
- → Assigned user changed from “” to “Tobie Langel”
- → Tag changed from “” to “needs_patch needs_tests”
- → Milestone changed from “” to “1.6.1”
- → State changed from “new” to “bug”
-
Johan Gorter August 25th, 2008 @ 09:00 AM
I do not know if a 'defaultport' solves the issue. Our application runs fine on any port except port 80. When we run our application on port 80 it fails. The solution should be such that if an application runs fine on a non-80 port, it should also work fine on port 80. Coding port-names in javascript makes an application less portable.
-
John-David Dalton August 25th, 2008 @ 03:05 PM
Am I missing something? Does the spec for same origin policy say that if you ports are different it fails the test, unless it's port 80?
Why does Port 80 get a pass? Being able to set your default port should make it more portable. If www.mysite.com is port 8080 and ww.mysite.com:8080 are identified as the same shouldn't the same origin policy test pass (I don't know because I havent tested it)?
If so being able to set the default port would help in that case.
-
Johan Gorter August 25th, 2008 @ 03:10 PM
www.mysite.com and www.mysite.com:8080 are not the same origin, but www.mysite.com and www.mysite.com:80 are. If one types www.mysite.com in a browser, then the browser will always go to port 80, because port 80 is the default port for HTTP traffic.
-
John-David Dalton August 25th, 2008 @ 03:47 PM
Ahh I, that is probably a safe assumption then, though I guess technically the client could change it
Please Login or create a free account to add a new comment.
You can update this ticket by sending an email to from your email client. (help)
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile »
The Prototype JavaScript library.
Tobie Langel