search

STACK = Security Glossary

hashtag
1. Same origin policy

  1. A browser can still make request to different origins, but the response will be filtered by it.

  2. It is a defense mechanism in modern web browsers.

URL

is same origin?

https://foo.com/user/1arrow-up-right

Y

https://foo.com/articlesarrow-up-right

Y

https://bar.comarrow-up-right

No (different host)

https://foo.com:1234arrow-up-right

No (different port)

http://foo.comarrow-up-right

No (different scheme)

hashtag
1.1. workaround Cross-Origin Resource Sharing (CORS)

  1. relax the same-origin policy.

  2. enable on the server.

  3. Access-Control-Allow-Origin header

hashtag
2. Session Hijacking and HTTPS

hashtag
3. Cross-site request forgery (CSRF)

hashtag
4. Cross-site scripting (XSS)

hashtag
5. SQL injection

PreviousSTACK = BE GlossaryNextwebsocket

Last updated