localorigin

Localorigin refers to the origin classification applied to content that originates from the local file system or from a local environment that is not associated with a network host. In web security terminology, an origin is defined by the scheme, host, and port of a URL; file‑based resources lack a host and are therefore treated specially. Browsers, when loading page files using the file:// protocol, often assign the origin of the request as “null” or as a distinct “localorigin” value to indicate that the content does not belong to a network domain. This special origin status is used by the same‑origin policy and Cross‑Origin Resource Sharing (CORS) mechanisms to determine whether to permit or block access to resources or APIs. Because local pages can bypass normal origin checks, some browsers impose additional restrictions, such as blocking fetches of remote assets or signalling “localorigin” in the Origin request header to server-side code that might otherwise accept cross‑origin requests. The term helps developers and security analysts to distinguish locally loaded resources from those served over the network, facilitating safer handling of scripts, fonts, and data embedded in local documents.