STACK = Security Glossary

1. Same origin policy

  1. It is a defense mechanism built into modern web browsers, not the server: it restricts how a document or script loaded from one origin can interact with resources from another origin.

  2. A browser can still send requests to a different origin (form submissions, image and script loads, fetch/XHR), but script on the page is not allowed to read the response unless the target server explicitly permits it.

Two URLs are same origin only when the scheme, the host and the port all match; a difference in any one of them makes the origins different:

  1. No (different host)

  2. No (different port)

  3. No (different scheme)

Note that only these three components count: path, query string and fragment play no part in the comparison.

1.1. Workaround: Cross-Origin Resource Sharing (CORS)

  1. Relaxes the same-origin policy for specific cross-origin requests.

  2. Is enabled on the server, which decides which origins may read its responses; the browser enforces that decision.

  3. Uses the Access-Control-Allow-Origin response header. A value of `*` lets any origin read the response, so it must not be used for authenticated endpoints; reflecting the request's Origin header back without checking it against an allowlist has the same effect.

2. Session Hijacking and HTTPS

3. Cross-site request forgery (CSRF)

4. Cross-site scripting (XSS)

5. SQL injection
