Same Origin Policy


One of the more important topics in web application security is the same origin policy (SOP). It is a browser-enforced defense mechanism: certain conditions must be met before content (usually JavaScript) served from one website is allowed to run against content served from another.

Rules

The rules are fairly simple: content wishing to run against a given location must match it on all three of the following:

  • Domain

  • Port

  • Protocol

One way of remembering this is with the acronym DPP. So, the Same Origin Policy (SOP) pertains to domain, port, and protocol (DPP). Or, SOP = DPP.
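As an added example (not code from the original post), the DPP check expressed as a small origin comparison in JavaScript. It uses the standard WHATWG `URL` parser, which lowercases hostnames and drops default ports, so the edge cases a browser actually normalises come out right; the URLs under `example.com` are constructed sample input.

```javascript
// Added example: compare two URLs under the same-origin policy's
// domain / port / protocol (DPP) rule.
// The WHATWG URL parser normalises the default port (":80" for http,
// ":443" for https) to an empty string and lowercases the host, so
// "http://example.com" and "http://example.com:80" compare as the same origin.
function originOf(urlString) {
  const u = new URL(urlString);
  return { protocol: u.protocol, domain: u.hostname, port: u.port };
}

// True only when all three DPP components match; path, query and
// fragment play no part in the decision.
function isSameOrigin(a, b) {
  const oa = originOf(a), ob = originOf(b);
  return oa.protocol === ob.protocol &&
         oa.domain === ob.domain &&
         oa.port === ob.port;
}

// Constructed sample pairs, each with the expected verdict and the reason.
const samples = [
  ["http://example.com/a", "http://example.com/b",    true,  "only the path differs"],
  ["http://example.com",   "http://example.com:80/x", true,  "default port spelled out"],
  ["http://example.com",   "http://EXAMPLE.com",      true,  "hostnames are case-insensitive"],
  ["http://example.com",   "https://example.com",     false, "protocol differs"],
  ["http://example.com",   "http://example.com:8080", false, "port differs"],
  ["http://example.com",   "http://api.example.com",  false, "subdomain is a different domain"],
];

// Evaluate every sample pair; ok is true when the verdict matches expectation.
function runSamples() {
  return samples.map(([a, b, expected, why]) => {
    const got = isSameOrigin(a, b);
    return { a, b, expected, got, why, ok: got === expected };
  });
}

for (const r of runSamples()) {
  console.log(`${r.ok ? "PASS" : "FAIL"} ${r.a} vs ${r.b} -> same origin: ${r.got} (${r.why})`);
}
```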
