Importance of Same Origin Policy(SOP) in Web Application Security

Vaibhav Thukral
1 min read, Jun 19, 2021

Same Origin Policy (SOP) is a critical part of web application security because it prevents JavaScript code from reading or setting properties on a resource that comes from a different origin.

Basically, a browser such as Chrome or Firefox uses the protocol, hostname and port of a URL to decide whether JavaScript can access a resource: all three (protocol, hostname and port) must match.

For Example: https://www.tesla.com:443/

1) https - protocol

2) www.tesla.com - hostname

3) 443 - port

And apart from this it can read resources from:

https://www.tesla.com:443/path

https://www.tesla.com:443/path/2

But not from:

https://www.tesla.com/path (same protocol and domain but different port)

http://www.tesla.com:345/path (same port and domain but different protocol)

https://www.tesla.net:345/path (same port and protocol but different domain)
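The comparison described above, written out as an added example (this code is not part of the original post): it splits each URL into the (protocol, hostname, port) tuple with the standard WHATWG URL parser that browsers and Node.js ship, then compares the tuples. One caveat worth knowing when you build such a check: the parser treats an explicit default port (`:443` for https, `:80` for http) as equivalent to no port at all, so the helper fills the scheme default back in before comparing. The sample URL pairs below are constructed for the demonstration.

```javascript
// Added example: decide whether two URLs share an origin under the Same Origin Policy.
// An origin is the (protocol, hostname, port) triple; path, query and fragment are ignored.
// Uses the WHATWG URL parser available in browsers and Node.js.

const DEFAULT_PORTS = { "http:": "80", "https:": "443", "ws:": "80", "wss:": "443" };

// Extract the origin tuple. URL.port is "" when the URL has no port or when the port
// equals the scheme default, so the default is restored to make comparison explicit.
function originOf(urlString) {
  const u = new URL(urlString);
  const port = u.port || DEFAULT_PORTS[u.protocol] || "";
  return { protocol: u.protocol, hostname: u.hostname, port };
}

// True only if protocol, hostname and port all match.
function sameOrigin(a, b) {
  const x = originOf(a);
  const y = originOf(b);
  return x.protocol === y.protocol && x.hostname === y.hostname && x.port === y.port;
}

// Name the components that differ (useful when logging a blocked cross-origin access).
function explainDifference(a, b) {
  const x = originOf(a);
  const y = originOf(b);
  const diffs = [];
  if (x.protocol !== y.protocol) diffs.push("protocol");
  if (x.hostname !== y.hostname) diffs.push("hostname");
  if (x.port !== y.port) diffs.push("port");
  return diffs;
}

// Constructed sample pairs, based on the post's example origin (hypothetical inputs).
const PAGE_ORIGIN = "https://www.tesla.com:443/";
const SAMPLE_URLS = [
  "https://www.tesla.com:443/path",
  "https://www.tesla.com:443/path/2",
  "http://www.tesla.com:345/path",
  "https://www.tesla.net:345/path",
  "https://www.tesla.com:8443/path",
  "https://www.tesla.com/path",
];

// Build a map of URL -> verdict so the result can be inspected or asserted on.
function classifyAll(pageUrl, candidates) {
  const result = {};
  for (const c of candidates) {
    result[c] = sameOrigin(pageUrl, c)
      ? "same origin"
      : "cross-origin (" + explainDifference(pageUrl, c).join(", ") + ")";
  }
  return result;
}

// Stand-alone demo when run directly with Node.js.
if (typeof require !== "undefined" && require.main === module) {
  const verdicts = classifyAll(PAGE_ORIGIN, SAMPLE_URLS);
  for (const [url, verdict] of Object.entries(verdicts)) {
    console.log(`${url} -> ${verdict}`);
  }
}
```

Running this shows that only the first two sample URLs, plus `https://www.tesla.com/path` (whose implicit port is 443), are same-origin with the page; the others differ in protocol, hostname, port or a combination.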

A page may still include external resources by using HTML tags such as img, script, iframe, object, etc.

NOTE: SOP applies only to the actual code of a script

The entire web application security is based on Same Origin Policy.

If a script on domain A was able to read content on domain B, it would be possible to steal clients’ information and mount a number of very dangerous attacks.
