Sometimes, you want to restrict an NPAPI plugin to be loadable only from a certain URL or domain or scheme. Or whenever you make network requests yourself, you almost always need to enforce same-origin policy.
There's unfortunately no trivial way to do that, but you can still do it, by asking the browser for the page URL during plugin initialization. Then you can just refuse to do anything, if you don't like the URL, or you can compare it with the other URL you want to contact.
So, how do we get at that page URL, i.e. the URL of the HTML which embeds the plugin, i.e. which caused the plugin to load?
There are at least 3 solutions (quoting newsgroup posts):
Via window location
From Robert Platt:
// Get the window object. NPN_GetValue( m_pNPInstance, NPNVWindowNPObject,