Same-Origin Policy and serving JS from a CDN
Now my scripts communicate with my app server via ajax. Wouldn’t the same-origin policy restrictions come into play when I load these scripts from a CDN?
Let’s say my app is on the domain:
And I load my scripts from
Now, since my scripts are loaded from a different domain than the domain my app is running from, I guess the same origin policy would prevent me from doing ajax communication with my app.
Am I getting something wrong?
No, it will work. That’s why JSONP works. The “origin” of the script is the page it is executed in, not where it comes from.
As you asked for it, here’s a reference (I couldn’t find any better, but Crockford is well known)
Not really a reference: If this wouldn’t work, nobody could include jQuery from Google’s CDN and then use it’s