What is the Same Origin Policy?

Updated 17 December 2024

Introduction

Today, New browsers provide many built-in security mechanisms to protect against cyberattacks. The Content-Security-Policy, Cookies Policy, and Same Origin Policy are a few of them.

These built-in mechanisms can not protect us fully, but they provide an extra layer of security that can make hackers work hard.

Here we are going to discuss a browser feature SOP (Same-origin policy).

Same Origin Policy

Before SOP, we need to understand “What is origin”. In this context, origin denotes the exact location of a specific resource such as script, documents, etc.

Mainly origin consists of three elements, The hostname (test.com), the protocol (HTTP or HTTPS), and the ports (80, 443, 8080).

At the time of SOP checks, the browser compares the origin location with the requested resource location.

EXAMPLE: Let’s compare the origin location of this http://old.test.com/dir/ with tables.

URLResultReason
http://old.test.com/dir2/index.htmlSame-originSame host, protocol, port (only the path differs)
https://old.test.com/dir2/FailureDifferent protocol
http://old.test.com/dir/other.htmlSame-originonly the path differs
http://old.test.com:81/dir/page.htmlFailureDifferent Port no.
http://new.test.com/dir/page.htmlFailureDifferent Hostname

The same-origin policy is an important security feature of any browser.

Its main purpose is to restrict cross-origin resource sharing like documents, scripts, or media files from one origin to a different origin.

SOP is applicable for a script, and documents, It means resources like CSS, Images, etc. can be accessed across origins via the corresponding HTML tags.

Conclusion

A browser can load and display resources from multiple sites and can embed multiple iframes from different sites.

If there is no restriction on the browser, a script can be compromised by a hacker, and the script could expose everything in a user’s browser.

Here, SOP acts as a gatekeeper and restricts read access to a resource loaded from a different origin.

Secure your E-commerce store with Webkul through its basic security module.

In case of any help or query, please contact us or raise a ticket.

author
. . .

Leave a Comment

Your email address will not be published. Required fields are marked*


Be the first to comment.

Start a Project




    Message Sent!

    If you have more details or questions, you can reply to the received confirmation email.

    Back to Home