WEB General
  • Introduction
  • JWT vs Session
  • Stream & Multipart
  • Digital Ocean - steps
  • Security - SSH/firewall/VPN
  • Security - MongoDB
  • Security - XSS|CSRF
  • MISC
  • STACK = websocket & socketIO
  • STACK = FE Glossary
  • STACK = BE Glossary
  • STACK = Security Glossary
  • websocket
Powered by GitBook
On this page
  • 1. Same origin policy
  • 1.1. workaround Cross-Origin Resource Sharing (CORS)
  • 2. Session Hijacking and HTTPS
  • 3. Cross-site request forgery (CSRF)
  • 4. Cross-site scripting (XSS)
  • 5. SQL injection

Was this helpful?

STACK = Security Glossary

1. Same origin policy

  1. A browser can still make request to different origins, but the response will be filtered by it.

  2. It is a defense mechanism in modern web browsers.

URL

is same origin?

Y

Y

No (different host)

No (different port)

No (different scheme)

1.1. workaround Cross-Origin Resource Sharing (CORS)

  1. relax the same-origin policy.

  2. enable on the server.

  3. Access-Control-Allow-Origin header

2. Session Hijacking and HTTPS

3. Cross-site request forgery (CSRF)

4. Cross-site scripting (XSS)

5. SQL injection

PreviousSTACK = BE GlossaryNextwebsocket

Last updated 5 years ago

Was this helpful?

https://foo.com/user/1
https://foo.com/articles
https://bar.com
https://foo.com:1234
http://foo.com