Same Origin Policy

June 28, 2008
oprrw

One of the more important topics in web application security is the same origin policy. It is a browser-enforced defense mechanism: before content (usually JavaScript) served from one website is allowed to run against, or read, content from another location, certain conditions about where the two pieces of content came from must be met.

Rules

The rules are fairly simple: for content to be treated as coming from the same origin as a given location, all three of the following must match:

  • Domain

  • Port

  • Protocol

One way of remembering this is with the acronym DPP. So, the Same Origin Policy (SOP) pertains to domain, port, and protocol (DPP). Or, SOP = DPP.
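To see the DPP rule applied, here is an added example (not from the original post) that compares two URLs component by component, using the browser's own `URL` parser. It also handles the one subtlety the rule hides: a missing port means the protocol's default port, so `http://example.com` and `http://example.com:80` are the same origin. The sample URL pairs are constructed for illustration.

```javascript
// Default ports per scheme, used to normalise an absent port before comparing.
// Assumption of this example: only these schemes matter for the comparison.
const DEFAULT_PORTS = { "http:": "80", "https:": "443", "ws:": "80", "wss:": "443" };

// Reduce a URL to the three components the same origin policy compares:
// protocol (scheme), domain (hostname) and port.
function originOf(urlString) {
  const u = new URL(urlString);
  const port = u.port || DEFAULT_PORTS[u.protocol] || "";
  return { protocol: u.protocol, host: u.hostname, port };
}

// True when protocol, host and port all match: the SOP = DPP test.
function sameOrigin(a, b) {
  const x = originOf(a), y = originOf(b);
  return x.protocol === y.protocol && x.host === y.host && x.port === y.port;
}

// Lists which components differ (empty when same origin). Useful when
// explaining why a cross-origin read was blocked by the browser.
function originDiff(a, b) {
  const x = originOf(a), y = originOf(b);
  return ["protocol", "host", "port"].filter((k) => x[k] !== y[k]);
}

// Constructed sample pairs, one per rule plus the default-port case.
const SAMPLE_PAIRS = [
  ["http://example.com/app", "http://example.com:80/api"],     // same origin: default port
  ["http://example.com", "https://example.com"],               // protocol (and default port) differ
  ["https://example.com", "https://example.com:8443"],         // port differs
  ["https://example.com", "https://api.example.com"],          // domain differs (subdomain)
  ["https://example.com/a", "https://example.com/b?x=1#frag"], // path, query, fragment ignored
];

function checkSamples() {
  return SAMPLE_PAIRS.map(([a, b]) => ({ a, b, same: sameOrigin(a, b), diff: originDiff(a, b) }));
}

if (typeof require !== "undefined" && require.main === module) {
  for (const r of checkSamples()) {
    console.log(r.same ? "SAME   " : "BLOCKED", r.a, "vs", r.b, r.diff.join(","));
  }
}
```

Note that path, query string and fragment play no part in the comparison; only the three DPP components do.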
