The “Same Origin Policy” is an essential concept in web applications, introduced for security reasons. It allows scripts contained in a first web page to access data in a second web page only if both web pages have the same origin. This means the content of your site will never be accessible to a script from another site. As per the policy, any code loaded within the browser can only operate within that website’s domain.
Why is it important?
Imagine a situation wherein you have logged into Facebook. Now, you open another site that contains some malicious JavaScript. The key point to remember is that the same origin policy comes to the rescue of your Facebook account: without it, the JavaScript on the site you opened later could perform any activity on your Facebook account just as you can. For instance, it could post status updates and get access to your private messages.
The same applies to banking websites: if a user is logged into a banking website, then without the same origin policy malicious JavaScript in another tab could do anything to your banking session.
Techniques for relaxing Same Origin Policy:
In some cases, the Same Origin Policy is too restrictive, posing a problem for large websites that use multiple subdomains. Some techniques for relaxing it:
- document.domain property
- Cross-Origin Resource Sharing
- Cross-document messaging
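As an added example (not code from the original article), the following JavaScript shows the (scheme, host, port) tuple the policy compares, including why two subdomains count as different origins, and a cross-document messaging receiver that checks `event.origin` against an allow-list before acting; `allowedOrigins` and `handleMessage` are names assumed for this example.

```javascript
// Added example, not from the original article. Models the origin tuple the
// Same Origin Policy compares and a defensive cross-document message handler.

// Return the (scheme, host, port) tuple the browser compares; the default port
// is filled in so "https://a.example" and "https://a.example:443" match.
function originOf(urlString) {
  const u = new URL(urlString);
  const defaults = { "http:": "80", "https:": "443" };
  return {
    scheme: u.protocol,
    host: u.hostname,
    port: u.port || defaults[u.protocol] || "",
  };
}

// True when two URLs share scheme, host and port; path and query are ignored.
// Note that "api.app.example" and "app.example" are different hosts, which is
// the subdomain restriction the article mentions.
function sameOrigin(a, b) {
  const x = originOf(a), y = originOf(b);
  return x.scheme === y.scheme && x.host === y.host && x.port === y.port;
}

// Cross-document messaging: a receiver must check event.origin before acting.
// `allowedOrigins` is a constructed allow-list for this example.
const allowedOrigins = new Set(["https://app.example"]);

// Validate a postMessage event object ({ origin, data }) and decide whether to act.
function handleMessage(event) {
  // Ignore anything from an origin we do not explicitly trust.
  if (!allowedOrigins.has(event.origin)) {
    return { accepted: false, reason: "untrusted origin " + event.origin };
  }
  // Treat the payload as untrusted input even from a trusted origin.
  if (typeof event.data !== "object" || event.data === null ||
      typeof event.data.action !== "string") {
    return { accepted: false, reason: "malformed message" };
  }
  return { accepted: true, action: event.data.action };
}
```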
Reference link: https://en.wikipedia.org/wiki/Same-origin_policy