Join the social network of Tech Nerds, increase skill rank, get work, manage projects...
 
  • Same Origin Policy

    • 0
    • 1
    • 0
    • 0
    • 0
    • 0
    • 0
    • 0
    • 526
    Comment on it

    The “Same Origin Policy” is an essential theory in web application and introduced for security reason, It ensures that  scripts contained in a first web page to access data in a second web page, but only if both web pages have the same origin. Means content of your site will never be accessible by a script from another site. As per the policy, any code loaded within the browser can only operate within that website’s domain.


    Why is it important?

    Imagine a situation wherein you have logged into Facebook. Now, you wish to open another side comprising some destructive JavaScript. The key to remember here is that the same origin policy comes to the rescue of your Facebook account since Javascript on the site you opened, later on, could perform any activity on your Facebook account like you do. For instance, it can post status updates and get access to your private messages.

    same for banking websites if a user is logged into banking website ,without the same origin policy malicious  javascript on another tab could do anything to your banking site.

     

    Techniques for relaxing Same Origin Policy:

    In some case, Same Origin Policy is too restrictive, the posing problem for large websites that use multiple subdomains. Some techniques for relaxing it:

     

    • document.domain property
    • Cross-Origin Resource Sharing
    • Cross-document messaging

    Reference link: https://en.wikipedia.org/wiki/Same-origin_policy

 0 Comment(s)

Sign In
                           OR                           
                           OR                           
Register

Sign up using

                           OR                           
Forgot Password
Fill out the form below and instructions to reset your password will be emailed to you:
Reset Password
Fill out the form below and reset your password: