November 27, 2020

Same-Origin Policy (SOP)

The same-origin policy is a web browser security mechanism that aims to prevent websites from attacking each other.

Same = scheme (protocol) + domain + port.

| Source | Destination | Result | Reason |
|---|---|---|---|
| https://gingsoft.com | https://darkredteam.com | NOGO | gingsoft.com != darkredteam.com |
| https://gingsoft.com | http://gingsoft.com | NOGO | http != https |
| https://gingsoft.com | https://gingsoft.com:8443 | NOGO | 443 != 8443 |
| https://gingsoft.com | https://www.gingsoft.com | NOGO | A subdomain is still a different domain. |
| https://gingsoft.com | https://gingsoft.com | GO | |

If you have a web application architecture that requires an exception to this strict policy, then you need Cross-Origin Resource Sharing (CORS).
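
The origin comparison behind the table above, written out as an added example (not code from the original post). The function names are hypothetical, and the last row, with an explicit `:443`, is constructed to show that a default port written out does not change the origin.

```javascript
// Origin = scheme + host + port. The WHATWG URL parser (built into browsers
// and Node.js) leaves `port` empty when the URL uses the scheme's default port.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Return the (scheme, host, port) tuple for a URL string.
function originTuple(urlString) {
  const u = new URL(urlString);
  const port = u.port || DEFAULT_PORTS[u.protocol] || "";
  return { scheme: u.protocol.replace(":", ""), host: u.hostname, port };
}

// Compare source and destination and report which parts of the tuple differ.
function compareOrigins(source, destination) {
  const a = originTuple(source);
  const b = originTuple(destination);
  const differences = ["scheme", "host", "port"].filter((k) => a[k] !== b[k]);
  return { result: differences.length === 0 ? "GO" : "NOGO", differences };
}

// Rows from the table, plus one constructed row with an explicit default port.
const rows = [
  ["https://gingsoft.com", "https://darkredteam.com"],
  ["https://gingsoft.com", "http://gingsoft.com"], // scheme differs, so the default port does too
  ["https://gingsoft.com", "https://gingsoft.com:8443"],
  ["https://gingsoft.com", "https://www.gingsoft.com"],
  ["https://gingsoft.com", "https://gingsoft.com"],
  ["https://gingsoft.com", "https://gingsoft.com:443"], // constructed row
];

for (const [src, dst] of rows) {
  const { result, differences } = compareOrigins(src, dst);
  const why = differences.length ? ` (differs in: ${differences.join(", ")})` : "";
  console.log(`${src} -> ${dst}: ${result}${why}`);
}
```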