
An in-depth analysis of the same origin policy and cross-domain access

WBOY
Release: 2016-05-16 15:29:42

1. What is the same origin policy

To understand cross-domain access, you must first understand the same origin policy. The Same Origin Policy is a very important security policy implemented by browsers.

What is the same origin:

A URL consists of a protocol, domain name, port and path. If two URLs have the same protocol, domain name and port, they have the same origin.
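The comparison described above, as an added example that is not part of the original article: it reduces each URL to its (protocol, host, port) tuple and reports which component differs. The function names `originTuple` and `compareOrigins` and the `example.test` URLs are constructed for illustration, and only http/https URLs are handled.

```javascript
// Default ports per scheme, so http://a.test and http://a.test:80 compare equal.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Reduce a URL to the (protocol, host, port) tuple that defines its origin.
// Hypothetical helper written for this example.
function originTuple(urlString) {
  const u = new URL(urlString); // throws TypeError on an unparsable URL
  if (!(u.protocol in DEFAULT_PORTS)) {
    throw new Error("only http/https URLs are handled here: " + urlString);
  }
  return {
    protocol: u.protocol, // the URL parser lowercases the scheme
    host: u.hostname,     // and the host name
    port: u.port || DEFAULT_PORTS[u.protocol], // "" means the scheme's default port
  };
}

// Compare two URLs and list the origin components that differ.
// The path and query string are deliberately not part of the comparison.
function compareOrigins(a, b) {
  const ta = originTuple(a);
  const tb = originTuple(b);
  const differs = ["protocol", "host", "port"].filter((k) => ta[k] !== tb[k]);
  return { sameOrigin: differs.length === 0, differs };
}

// Constructed sample URLs (example.test is a placeholder domain).
const base = "http://www.example.test/dir/page.html";
const samples = [
  "http://www.example.test/other/page.html?x=1", // only the path differs
  "http://WWW.EXAMPLE.TEST:80/dir/page.html",    // explicit default port, other case
  "https://www.example.test/dir/page.html",      // protocol differs, so default port too
  "http://www.example.test:8080/dir/page.html",  // port differs
  "http://api.example.test/dir/page.html",       // host differs (subdomain)
];

for (const url of samples) {
  const r = compareOrigins(base, url);
  const verdict = r.sameOrigin ? "same origin" : "different: " + r.differs.join(", ");
  console.log(url, "->", verdict);
}
```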

Same origin policy:

The browser's same-origin policy restricts "documents" or scripts from different origins from reading or setting certain attributes on the current "document". (White hat talks about web security [1])

Scripts loaded from one domain are not allowed to access document properties of another domain.

For example:

A malicious website page embeds a bank's login page through an iframe (the two have different origins). If there were no origin restriction, the JavaScript on the malicious web page could obtain the user name and password when the user logs in to the bank.

In the browser, tags such as
