← Cybersecurity Alphabet Soup

SOP

Same-Origin Policy

appsecmedium

The same-origin policy is the browser's core security rule: script running on one origin cannot read data from a different origin, where origin means the combination of scheme, host, and port. It is the foundation that makes web sessions safe, and mechanisms like CORS exist as controlled exceptions to it. Understanding SOP is essential for reasoning about attacks like cross-site scripting and cross-site request forgery.

Sources

More in appsec