Simulating Same Origin Policy in one workstation
I'm trying to simulate the same-origin policy on my own laptop for research purposes. I tried the following, but it's not working:
httpd.conf:
...
NameVirtualHost *:80
<VirtualHost *:80>
ServerName www.client.es
DocumentRoot "C:/maestro/desarrollo/Apache Software Foundation/Apache2.2/htdocs/client"
<Directory "C:/maestro/desarrollo/Apache Software Foundation/Apache2.2/htdocs/client">
AllowOverride All
Allow from All
</Directory>
</VirtualHost>
<VirtualHost *:80>
ServerName www.custom.es
DocumentRoot "C:/maestro/desarrollo/Apache Software Foundation/Apache2.2/htdocs/custom"
<Directory "C:/maestro/desarrollo/Apache Software Foundation/Apache2.2/htdocs/custom">
AllowOverride All
Allow from All
</Directory>
</VirtualHost>
...
Now, in order to get the SOP effect I built two different mock sites:
www.client.es/index.htm
...
<html>
...
<script type="text/javascript" src="http://www.custom.es/js/hello.js"></script>
...
</body>
</html>
www.custom.es/js/hello.js
alert("Hello.js: loaded");
Finally I added the proper lines to etc/hosts
127.0.0.1 www.custom.es
127.0.0.1 www.client.es
So I can get different mock sites from the browser as if they were real different sites.
The problem is that I was expecting Chrome/Firefox/Explorer/etc. not to be able to get hello.js due to the Same Origin Policy, but everything is served and no error arises when I browse to www.client.es/index.htm.
Any clue? Thanks in advance.
There aren't any restrictions against downloading and executing JavaScript in <script> tags from a different domain. The restrictions are against cross-domain Ajax. What you did will work fine.
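The distinction drawn in the answer above, as an added example that is not part of the original question or answer: a simplified model of the browser's decision for the two mock sites, plus a probe that, when run from www.client.es/index.htm in a browser, attempts the cross-origin read that the same-origin policy does block. The function names and the lowercase header key are assumptions of this example.

```javascript
// Added example: a simplified model, not a full CORS implementation.
// An origin is scheme + host + port; the URL API serializes it for us
// (the default port 80 for http is dropped).
function originOf(url) {
  return new URL(url).origin;
}

function sameOrigin(a, b) {
  return originOf(a) === originOf(b);
}

// how = "script-tag": <script src=...> embedding. The file is fetched and
//   executed inside the embedding page; no same-origin check applies.
// how = "xhr": reading the response from script (XMLHttpRequest / fetch).
//   Cross-origin reads are blocked unless the server opts in.
// responseHeaders: object with lowercase keys (assumption of this example).
function browserDecision(pageUrl, resourceUrl, how, responseHeaders = {}) {
  if (how === "script-tag") return "executed";
  if (how !== "xhr") throw new Error("unknown access type: " + how);
  if (sameOrigin(pageUrl, resourceUrl)) return "readable";
  const acao = responseHeaders["access-control-allow-origin"];
  if (acao === "*" || acao === originOf(pageUrl)) return "readable";
  return "blocked";
}

// Browser-only probe: include this from www.client.es/index.htm to see the
// policy act. With the Apache config shown in the question (no CORS headers),
// the promise rejects and the console shows a cross-origin error.
if (typeof document !== "undefined") {
  fetch("http://www.custom.es/js/hello.js")
    .then((r) => r.text())
    .then((t) => console.log("read allowed:", t))
    .catch((e) => console.log("read blocked by same-origin policy:", e.message));
}
```

To make the cross-origin read succeed in this setup, the www.custom.es virtual host would have to send an `Access-Control-Allow-Origin` header naming `http://www.client.es`.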