I wrote some foundational web platform explanation posts back in my IEBlog days and they keep getting lost. So I’m linking them here.
Same Origin Policy, the security policy which determines whether one site may interact with content from another site, and what limits apply, is one such foundational concept that is core to understanding the platform.
Explaining Same-Origin-Policy
I’ve written some more about CORS since then.
Note: Same Origin Policy for file://
URLs is inconsistent across browsers (particularly IE vs. modern browsers). Learn more here.