Javascript相同来源政策和Google Crome控制台

Question

Does same origin policy apply when you execute javascript in google crome console utility that came from internet domain locally. for example what happens if I do this in console.

//from facebook.com
alert('javascript')
// we can xhr as well here

Answer 1

Anything you execute from the Chrome console is executed in the context of the web page that you opened it from. So if you try to perform an AJAX call to a different domain from that page, it will be restricted by the same-origin policy.

I opened the console here on SO, and typed:

$.get('http://dev.bridgebase.com/barmar_test/test.html', function(x) {console.log(x);})

and I got the error:

XMLHttpRequest cannot load http://dev.bridgebase.com/barmar_test/test.html?_=1481190195362 . No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin ' http://stackoverflow.com ' is therefore not allowed access.