Explain the same-origin policy with regards to JavaScript?
The same-origin policy restricts how a document or script loaded from one origin can interact with a resource from another origin. Same-origin Policy is used as a means to prevent some of the Cross-site Request Forgery attacks.
The “origin” is the same if three things are the same: the protocol (http vs. https), the domain (subdomain.yoursite.com vs. yoursite.com vs. google.com), and the port (: 80 vs.: 4567). Using JS, we would be able to fetch resources (typically data like text,html,json,etc) using JSONP where we create a script tag dynamically with src attr pointing to the end source. Insert the script tag into the head section of the page. This will force the browser to fetch the end source similar to how it fetches any other JS or image via http.