This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview
[{$pagename}] ([SOP]) is an important concept in the [WEB] [application] [Security Considerations]. Under the [policy], a web [browser] permits scripts contained in a first web page to access data in a second web page, but only if both web pages have the same [Web Origin].
An origin is defined as a combination of [URI Scheme], hostname, and port number. This policy prevents a malicious script on one page from obtaining access to sensitive data on another web page through that page's [Document Object Model].
This mechanism bears a particular significance for modern web applications that extensively depend on [HTTP] [cookies] to maintain authenticated user sessions, as servers act based on the [HTTP] [cookie] information to reveal sensitive information or take [state]-changing actions. A strict separation between content provided by unrelated sites must be maintained on the [client-side] to prevent the loss of [data] [confidentiality] or [integrity].
The [algorithm] used to calculate the "origin" of a [URI] is specified in [RFC 6454], Section 4. For absolute [URIs], the origin is the triple {[protocol], [host], [port]}. If the [URI] does not use a hierarchical element as a naming authority (see [RFC 3986], Section 3.2) or if the [URI] is not an [Absolute URI], then a globally unique identifier is used. Two resources are considered to be of the same origin if and only if all these values are exactly the same.
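The origin calculation and comparison described above, as an added example that is not part of the original page or of any specification's reference code. The names computeOrigin, sameOrigin and DEFAULT_PORTS are hypothetical, the default-port table covers only a few schemes, and the "globally unique identifier" is modeled as a fresh JavaScript Symbol.

```javascript
// Assumption: default ports for a handful of schemes only; others get port null.
const DEFAULT_PORTS = { 'http:': 80, 'https:': 443, 'ws:': 80, 'wss:': 443, 'ftp:': 21 };

// Returns {scheme, host, port} for an absolute URI with a naming authority,
// otherwise {opaque: Symbol} standing in for a globally unique identifier.
function computeOrigin(uri) {
  let u;
  try {
    u = new URL(uri); // throws when uri is not an absolute URI
  } catch {
    return { opaque: Symbol('unique-origin') };
  }
  if (!u.hostname) {
    // No hierarchical naming authority (data:, mailto:, file:///path, ...).
    return { opaque: Symbol('unique-origin') };
  }
  let port = null;
  if (u.port) {
    port = Number(u.port); // explicit non-default port
  } else if (u.protocol in DEFAULT_PORTS) {
    port = DEFAULT_PORTS[u.protocol]; // implied default port
  }
  return {
    scheme: u.protocol.slice(0, -1).toLowerCase(),
    host: u.hostname.toLowerCase(),
    port,
  };
}

// Same origin if and only if scheme, host and port all match exactly.
// A unique identifier equals only itself and never equals a triple.
function sameOrigin(a, b) {
  if (a.opaque || b.opaque) return a.opaque !== undefined && a.opaque === b.opaque;
  return a.scheme === b.scheme && a.host === b.host && a.port === b.port;
}

// Constructed sample URIs showing which component breaks the match.
function demo() {
  const base = computeOrigin('https://example.com/account');
  return {
    defaultPort: sameOrigin(base, computeOrigin('HTTPS://Example.COM:443/other')),
    schemeDiffers: sameOrigin(base, computeOrigin('http://example.com/account')),
    hostDiffers: sameOrigin(base, computeOrigin('https://app.example.com/account')),
    portDiffers: sameOrigin(base, computeOrigin('https://example.com:8443/account')),
    twoDataUris: sameOrigin(computeOrigin('data:text/html,a'), computeOrigin('data:text/html,a')),
  };
}
```

Only the first comparison in demo() is same-origin; the last one shows that two URIs without a naming authority never share an origin, even when the URI strings are identical.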
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Same-origin_policy|Wikipedia:Same-origin_policy|target='_blank'] - based on information obtained 2017-04-23
* [#2] - [7.5 Origin|https://html.spec.whatwg.org/multipage/origin.html|target='_blank'] - based on information obtained 2020-02-01