Same Origin Policy

June 28, 2008
oprrw

One of the more important topics in web application security is the same origin policy. It is a browser-enforced defense mechanism: content (usually JavaScript) served from one website may only interact with content from another location when certain conditions are met.

Rules

The rules are fairly simple: content from one location that wishes to interact with content from another must match it on all three of the following:

  • Domain

  • Port

  • Protocol

One way of remembering this is with the acronym DPP. So, the Same Origin Policy (SOP) pertains to domain, port, and protocol (DPP). Or, SOP = DPP.
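As an added illustration (not part of the original post), here is a small JavaScript check that parses two URLs and reports which of the three DPP components differ; the sample URL pairs are constructed for the example.

```javascript
// Added example (not from the original post): a same-origin check that
// reports which of the three SOP components (domain, port, protocol)
// differ between two URLs. Uses the WHATWG URL API, available in
// browsers and Node.js.

const DEFAULT_PORTS = { "http:": "80", "https:": "443", "ws:": "80", "wss:": "443" };

// Normalize a URL into the three components the SOP compares.
function originParts(urlString) {
  const u = new URL(urlString);
  // URL.port is "" when the scheme's default port is in use, so fill it in:
  // http://example.com and http://example.com:80 are the same origin.
  const port = u.port !== "" ? u.port : (DEFAULT_PORTS[u.protocol] || "");
  return { protocol: u.protocol, domain: u.hostname, port };
}

// Returns the list of mismatching components ([] means same origin).
// Note that a protocol change also changes the implied default port,
// so http vs https reports both "port" and "protocol".
function originMismatches(a, b) {
  const pa = originParts(a);
  const pb = originParts(b);
  return ["domain", "port", "protocol"].filter((k) => pa[k] !== pb[k]);
}

function sameOrigin(a, b) {
  return originMismatches(a, b).length === 0;
}

// Constructed sample pairs, one per rule.
const SAMPLES = [
  ["http://example.com/a", "http://example.com:80/b"],      // same origin: path and default port do not matter
  ["http://example.com/", "https://example.com/"],           // protocol differs (and with it the default port)
  ["http://example.com/", "http://example.com:8080/"],       // port differs
  ["http://example.com/", "http://sub.example.com/"],        // domain differs (a subdomain is a different origin)
  ["http://example.com/", "https://api.example.com:8443/"],  // all three differ
];

if (typeof require !== "undefined" && require.main === module) {
  for (const [a, b] of SAMPLES) {
    const diff = originMismatches(a, b);
    console.log(`${a} vs ${b}: ${diff.length ? "differs in " + diff.join(", ") : "same origin"}`);
  }
}
```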
