SOP (Same-Origin Policy)

Definition

Same-Origin Policy (SOP) is a client-side security policy, implemented by browsers, that prevents a website from accessing scripts from another domain unless explicitly allowed

The same-origin policy applies only to scripts. Resources such as images, CSS, and dynamically loaded scripts can be accessed across origins via the corresponding HTML tags (with fonts being a notable exception)
It is a predefined browser policy
Attacks take advantage of the fact that the same origin policy does not apply to HTML tags
Access is granted only if the domains share the same protocol, hostname and port

Limits

SOP cannot stop top-level navigation requests including location.assign() (Khodayari, Barber, et al., 2024)

References

(Trampert, Stock, et al., 2023)

GUI testing wiki

Explorer

SOP (Same-Origin Policy)

Definition

Limits

References

Graph View

Table of Contents

Backlinks