 

How does the same origin policy apply to IP addresses

I have a server on our company intranet that runs JBoss. I want to send API calls to this server from my machine, also on the intranet, and get the resulting XML responses using jQuery.

I read the entry on Wikipedia but am confused how that applies to my situation, since our machines only have IP addresses, not domain names.

I have

  • server URL: 10.2.200.3:8001/serviceroot/service
  • client IP address: 10.2.201.217

My questions are:

  1. As far as I understand these are different domains, right? So I have to use a proxy to issue jQuery.ajax calls to the server.
  2. If I want to avoid doing (2), can I install Apache on the server and serve the page with JS code from there? But then the JS will be from 10.2.200.3 and the server is at 10.2.200.3:8001. Aren't these considered different domains according to policy?

Thanks!

recipriversexclusion asked Apr 21 '10 22:04


2 Answers

  1. Yes.

  2. Yes, different ports mean different origins. This is something that most browsers have done in JS for a while, but it is explicitly described in the HTML5 draft, which is referenced by the XMLHttpRequest draft.

If A and B have port components that are not identical, return false.

bobince answered Oct 23 '22 13:10


If the port or address is different, they are different domains. If you need to access information from what is effectively another server, you really have two options. One is to write some sort of reverse proxy to pass your requests from the same-origin server to the secondary server.

Alternatively, if you are in control of the secondary target, and there's no security risk in providing direct access, you could consider adjusting the secondary server to emit JSON-P responses.

Tracker1 answered Oct 23 '22 14:10
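
The origin comparison both answers describe, written out as an added example (not code from the question or from either answer). It compares origins as (scheme, host, port) tuples and reports which component differs. It assumes the intranet services use plain http, and the `page.html` paths are constructed for illustration.

```javascript
// Added example: compare two URLs as (scheme, host, port) origin tuples.
// Assumption: the services in the question are served over plain http.
const DEFAULT_PORTS = { 'http:': '80', 'https:': '443' };

function originTuple(urlString) {
  const u = new URL(urlString);
  // URL.port is '' when the port equals the scheme default, so fill it in
  // to make "http://host/" and "http://host:80/" compare equal.
  const port = u.port || DEFAULT_PORTS[u.protocol] || '';
  return { scheme: u.protocol, host: u.hostname, port };
}

// Returns the tuple components that differ; an empty list means same origin.
function originDifferences(a, b) {
  const ta = originTuple(a);
  const tb = originTuple(b);
  return ['scheme', 'host', 'port'].filter((k) => ta[k] !== tb[k]);
}

function sameOrigin(a, b) {
  return originDifferences(a, b).length === 0;
}

// Server URL from the question, with the assumed http scheme.
const SERVICE = 'http://10.2.200.3:8001/serviceroot/service';

// Constructed page locations covering the cases raised in the question.
const cases = [
  ['http://10.2.201.217/page.html', SERVICE],    // page on the client machine
  ['http://10.2.200.3/page.html', SERVICE],      // Apache on the server, port 80
  ['http://10.2.200.3:8001/page.html', SERVICE], // page served by JBoss itself
  ['http://10.2.200.3:80/a', 'http://10.2.200.3/b'], // explicit default port
];

for (const [page, target] of cases) {
  const diff = originDifferences(page, target);
  const verdict = diff.length ? 'cross-origin (' + diff.join(', ') + ')' : 'same origin';
  console.log(page + ' -> ' + target + ': ' + verdict);
}
```

The host is compared as a string, so an IP address and a hostname that resolves to it are also different origins.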