Skip to content

Fetch: Cross-Origin Requests #145

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Oct 23, 2020
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 5 additions & 5 deletions 5-network/05-fetch-crossorigin/1-do-we-need-origin/solution.md
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
We need `Origin`, because sometimes `Referer` is absent. For instance, when we `fetch` HTTP-page from HTTPS (access less secure from more secure), then there's no `Referer`.
Kita membutuhkan *`Origin`*, karena terkadang *`Referer`* tidak digunakan. Misalnya, saat kita *`fetch`* halaman HTTP dari HTTPS(mengakses yang kurang aman dari yang aman), maka tidak memakai *`Referer`*.

The [Content Security Policy](http://en.wikipedia.org/wiki/Content_Security_Policy) may forbid sending a `Referer`.
[Kebijakan keamanan konten](http://en.wikipedia.org/wiki/Content_Security_Policy) mungkin akan melarang untuk pengiriman *`Referer`*.

As we'll see, `fetch` has options that prevent sending the `Referer` and even allow to change it (within the same site).
Seperti yang kita lihat, *`fetch`* memiliki opsi untuk mencegah mengirim `Referer`, dan mengizinkan untuk mengubahnya ( di situs yang sama).

By specification, `Referer` is an optional HTTP-header.
Dari Spesifikasi, *`Referer`* adalah header HTTP opsional.

Exactly because `Referer` is unreliable, `Origin` was invented. The browser guarantees correct `Origin` for cross-origin requests.
Tepatnya karena *`Referer`* tidak dapat diandalkan, dibuat lah `Origin`. Browser menjamin *`Origin` *yang benar untuk *request* *cross-origin*.
14 changes: 7 additions & 7 deletions 5-network/05-fetch-crossorigin/1-do-we-need-origin/task.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,11 @@ importance: 5

---

# Why do we need Origin?
# Kenapa kita membutuhkan Origin?

As you probably know, there's HTTP-header `Referer`, that usually contains an url of the page which initiated a network request.
Seperti yang kamu ketahui, Ada pembaca *header* HTTP *`Referer`*, yang biasanya berisi *url* dari halaman yang dimulai dari *request* jaringan.

For instance, when fetching `http://google.com` from `http://javascript.info/some/url`, the headers look like this:
Misalnya, saat pengambilan `http://google.com` dari `http://javacript.info/some/url`, *header* terlihat seperti ini:

```
Accept: */*
Expand All @@ -20,9 +20,9 @@ Referer: http://javascript.info/some/url
*/!*
```

As you can see, both `Referer` and `Origin` are present.
Seperti yang kamu lihat, baik *`Referer`* dan *`Origin`* ada.

The questions:
Pertanyaan:

1. Why `Origin` is needed, if `Referer` has even more information?
2. Is it possible that there's no `Referer` or `Origin`, or is it incorrect?
1. Kenapa *`Origin`* dibutuhkan, jika *`Referer`* memiliki lebih banyak informasi?
2. Apakah mungkin jika *`fetch`* tidak memakai *`Referer`* atau *`Origin`*, atau apakah *`fetch`* itu salah?
Loading