STACK = Security Glossary
1. Same origin policy
A browser can still send requests to different origins, but it filters the responses: a page's scripts are not allowed to read a cross-origin response unless the server opts in.
It is a defense mechanism in modern web browsers.
URL | is same origin?
    | Y
    | Y
    | No (different host)
    | No (different port)
    | No (different scheme)
1.1. Workaround: Cross-Origin Resource Sharing (CORS)
CORS relaxes the same-origin policy.
It is enabled on the server, which sends the Access-Control-Allow-Origin header to tell the browser which origins may read the response.
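As an added example (not part of this glossary), the following JavaScript compares two URLs by scheme, host and port the way the same-origin policy does, and then models the browser's decision on whether a cross-origin response may be read, based on the Access-Control-Allow-Origin header it carries. All URLs are constructed sample values.

```javascript
// Added example, not from the glossary. An origin is scheme + host + port; the
// URL parser drops a default port, so it is restored here before comparing.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

function originOf(urlString) {
  const u = new URL(urlString);
  const port = u.port || DEFAULT_PORTS[u.protocol] || "";
  return `${u.protocol}//${u.hostname}:${port}`;
}

// True only when scheme, host and port all match (the same-origin test).
function isSameOrigin(a, b) {
  return originOf(a) === originOf(b);
}

// Models the browser-side decision: may a script running on pageUrl read the
// response to requestUrl? The request itself is always sent; only reading
// the response is filtered. allowOrigin is the response's
// Access-Control-Allow-Origin value, or null when the header is absent.
function responseReadable(pageUrl, requestUrl, allowOrigin, withCredentials = false) {
  if (isSameOrigin(pageUrl, requestUrl)) return true;  // same origin: no CORS needed
  if (!allowOrigin) return false;                       // header absent: blocked
  if (allowOrigin === "*") return !withCredentials;     // wildcard is rejected with credentials
  try {
    return isSameOrigin(allowOrigin, pageUrl);          // must name the page's exact origin
  } catch (e) {
    return false;                                       // malformed header value: blocked
  }
}

// Constructed sample values for a quick run.
console.log(isSameOrigin("http://example.com/a", "http://example.com:80/b"));         // true
console.log(responseReadable("https://app.example", "https://api.example/v1", null)); // false
```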
2. Session Hijacking and HTTPS
3. Cross-site request forgery (CSRF)
4. Cross-site scripting (XSS)
5. SQL injection