There is one exception to the same origin rule. A script can set the value of document.domain to a suffix of the current domain. If it does so, the shorter domain is used for subsequent origin checks. For example, assume a script in the document at http://www.company.com/dir/other.html executes this statement: document.domain = "company.com"; After execution of that statement, the page would pass