Friday, September 29, 2017

Same Origin Policy vs Cross-origin resource sharing (CORS)

Introduction
While working with JavaScript and web APIs, I came across two concepts that I want to share.

1.Same Origin Policy (SOP)
2.Cross-origin resource sharing (CORS)

Both are fundamental to JavaScript and web API programming: the first draws the security boundary of the browser, the second is the controlled way to open it.
 
1.Same Origin Policy (SOP) :
The Same Origin Policy restricts how a document or script loaded from one origin may read or interact with resources (DOM, cookies, responses to requests) from another origin. A page may still load images, scripts or stylesheets from other origins and may still send requests to them; what it cannot do is read the result.

An origin is the combination of URI scheme, host name and port number. Path, query string and fragment play no part. So http://example.com and https://example.com are different origins (scheme), as are http://example.com and http://www.example.com (host), and http://example.com and http://example.com:8080 (port). A missing port means the scheme's default port, so http://example.com and http://example.com:80 are the same origin.

Browsers store per-site state such as cookies on the client, and the browser attaches a site's cookies to requests sent to that site. Without an origin boundary, a script on a malicious page could read another site's Document Object Model or the responses to requests carrying that site's cookies, and so obtain the user's data without their knowledge. The SOP is what prevents a script on one origin from obtaining sensitive data belonging to another origin through that page's DOM.
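The origin comparison described above, as an added example that is not part of the original post: it parses two URLs into the (scheme, host, port) tuple, fills in the scheme's default port when none is given, and reports whether a browser would treat them as the same origin. The function names and the sample URL pairs are mine, not from any library or from the post.

```javascript
// Added example: how a browser decides whether two URLs share an origin.
// The origin tuple is (scheme, host, port); path, query and fragment are ignored.
// Uses the WHATWG URL class that ships with Node and every modern browser.

// Default ports per scheme (a missing port means the scheme's default).
const DEFAULT_PORTS = { "http:": "80", "https:": "443", "ws:": "80", "wss:": "443" };

// Parse a URL into its origin tuple. Throws on a malformed URL.
function originOf(urlString) {
  const u = new URL(urlString);
  // The URL parser already drops a port equal to the scheme default, so
  // "" here means "default port"; map it back to the number for comparison.
  const port = u.port !== "" ? u.port : (DEFAULT_PORTS[u.protocol] || "");
  return { scheme: u.protocol, host: u.hostname.toLowerCase(), port };
}

// True when scheme, host and port all match; everything else is ignored.
function isSameOrigin(urlA, urlB) {
  const a = originOf(urlA);
  const b = originOf(urlB);
  return a.scheme === b.scheme && a.host === b.host && a.port === b.port;
}

// Constructed sample pairs (hypothetical hosts) showing each part of the tuple.
const SAMPLE_PAIRS = [
  ["http://example.com/page?x=1", "http://example.com:80/other"], // same: default port
  ["http://example.com/", "https://example.com/"],                // differs: scheme
  ["http://example.com/", "http://www.example.com/"],             // differs: host
  ["http://example.com/", "http://example.com:8080/"],            // differs: port
  ["https://Example.COM/a/b", "https://example.com:443/c"],       // same: case, default port
];

if (typeof require !== "undefined" && require.main === module) {
  for (const [a, b] of SAMPLE_PAIRS) {
    console.log(isSameOrigin(a, b) ? "same origin     " : "different origin", a, "|", b);
  }
}
```

The parser does the normalisation (lowercasing the host, dropping a port that equals the scheme default), which is why the only work left is the three-way comparison; a hand-rolled string compare that skipped that step would wrongly treat http://example.com and http://example.com:80 as different.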

2.Cross-origin resource sharing (CORS)

"Cross-origin resource sharing (CORS) is a mechanism that allows restricted resources (e.g. fonts) on a web page to be requested from another domain outside the domain from which the first resource was served" (Wikipedia definition).

Modern web applications are rarely a single origin: the page on one host calls an API on another, and the two need to exchange data. Under the SOP alone, the browser will send a cross-origin XMLHttpRequest (or fetch) but will refuse to let the script read the response. CORS is not a way around the SOP; it is the server's way of relaxing it for chosen origins. The browser adds an Origin header to the cross-origin request, the server replies with Access-Control-Allow-Origin naming that origin (or "*"), and only then does the browser release the response to the script. For requests that are not "simple" (methods other than GET, HEAD or POST, custom headers, or a non-form content type) the browser first sends a preflight OPTIONS request and proceeds only if the server's Access-Control-Allow-Methods and Access-Control-Allow-Headers permit it. So enabling CORS on the server side is what lets a request from a different domain succeed, which is useful when your server is intended to serve other domains. The caveat is that the server decides who may read its responses: an allow-list of known origins is safe, while reflecting whatever Origin arrives together with Access-Control-Allow-Credentials: true lets any site the user visits read that user's authenticated data, which is exactly what the SOP was protecting.
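The exchange described above, as an added example that is not part of the original post: a server-side decision function that computes the CORS response headers for a request, in the weak reflect-any-origin form beside the allow-listed form, plus a small model of the browser's check for whether the script may read the response. The allow-list, hostnames, header limits and request objects are constructed for the example; the request shape (lowercase header names under req.headers, method in req.method) mirrors Node's http.IncomingMessage but the code does not open a socket.

```javascript
// Added example: server-side CORS policy as a pure function, weak form
// beside the hardened form, and the browser-side read check that consumes it.
// Assumed: req = { method, headers } with lowercase header names (Node style).

// Hypothetical allow-list: only these origins may read authenticated responses.
const ALLOWED_ORIGINS = new Set(["https://app.example.com", "https://admin.example.com"]);
const ALLOWED_METHODS = ["GET", "POST", "PUT", "DELETE"];
const ALLOWED_HEADERS = ["content-type", "authorization"];

// WEAK: reflect whatever Origin arrived and allow credentials. Any site the
// victim visits can now read this API's cookie-authenticated responses.
function corsHeadersReflected(req) {
  const origin = req.headers["origin"];
  if (!origin) return {};
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
  };
}

// HARDENED: explicit allow-list. Unknown origins (including the literal
// "null" sent from sandboxed frames and file: pages) get no CORS headers at
// all, so the browser blocks the read. Vary: Origin stops a shared cache from
// serving one origin's answer to another. Preflights are answered only for
// permitted methods.
function corsHeadersAllowListed(req) {
  const origin = req.headers["origin"];
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return {};
  const headers = {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin",
  };
  const isPreflight = req.method === "OPTIONS" && "access-control-request-method" in req.headers;
  if (isPreflight) {
    const wanted = String(req.headers["access-control-request-method"]).toUpperCase();
    if (!ALLOWED_METHODS.includes(wanted)) return {};
    headers["Access-Control-Allow-Methods"] = ALLOWED_METHODS.join(", ");
    headers["Access-Control-Allow-Headers"] = ALLOWED_HEADERS.join(", ");
    headers["Access-Control-Max-Age"] = "600";
  }
  return headers;
}

// Browser side (simplified): may the script at requestOrigin read the response?
// A wildcard is never valid when credentials were sent, and a credentialed
// response also needs Access-Control-Allow-Credentials: true.
function browserMayRead(requestOrigin, withCredentials, responseHeaders) {
  const acao = responseHeaders["Access-Control-Allow-Origin"];
  if (!acao) return false;
  if (acao === "*") return !withCredentials;
  if (acao !== requestOrigin) return false;
  if (withCredentials && responseHeaders["Access-Control-Allow-Credentials"] !== "true") return false;
  return true;
}

// Constructed requests: a legitimate front end, an attacker's page, and a preflight.
const fromApp = { method: "GET", headers: { origin: "https://app.example.com" } };
const fromEvil = { method: "GET", headers: { origin: "https://evil.example" } };
const fromNull = { method: "GET", headers: { origin: "null" } };
const preflight = {
  method: "OPTIONS",
  headers: { origin: "https://app.example.com", "access-control-request-method": "DELETE" },
};

if (typeof require !== "undefined" && require.main === module) {
  console.log("evil reads, reflected:  ", browserMayRead("https://evil.example", true, corsHeadersReflected(fromEvil)));
  console.log("evil reads, allow-list: ", browserMayRead("https://evil.example", true, corsHeadersAllowListed(fromEvil)));
  console.log("app reads, allow-list:  ", browserMayRead("https://app.example.com", true, corsHeadersAllowListed(fromApp)));
  console.log("preflight answer:       ", corsHeadersAllowListed(preflight));
}
```

Run it and the first line is the whole point: with the reflected policy the attacker's page reads the authenticated response, with the allow-list it does not, and the legitimate app still works. In a real handler the returned object is merged into the response headers and a preflight is answered with 204 and no body.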



Summary
Attackers constantly probe the boundaries of the web's security model. The Same Origin Policy is that boundary; CORS is the controlled way to open it, on the server's terms, for the origins that genuinely need access. Configured carefully, with an explicit allow-list rather than a reflected Origin, CORS lets web services communicate across origins without making their users vulnerable to attack.