Importance of the Same Origin Policy (SOP) in Web Application Security
The Same Origin Policy (SOP) is a critical point of web application security because it prevents JavaScript code from getting or setting properties on a resource coming from a different origin.
Basically, a browser such as Chrome or Firefox uses the protocol, hostname and port to decide whether JavaScript may access a resource: all three (protocol, hostname and port) must match.
For example: https://www.tesla.com:443/
1) https - protocol
2) www.tesla.com - hostname
3) 443 - port
A script loaded from this origin can read resources from:
→ https://www.tesla.com:443/path
→ https://www.tesla.com:443/path/2
But not from:
→ https://www.tesla.com/path (same protocol and domain but different port)
→ http://www.tesla.com:345/path (same port and domain but different protocol)
→ https://www.tesla.net:345/path (same port and protocol but different domain)
It is still possible, however, to include external resources by using HTML tags such as img, script, iframe, object, etc.
NOTE: SOP applies only to the actual code of a script, i.e. to what script code can read or modify, not to embedding a resource in the page.
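The origin comparison described above, written out as an added example (this is not code from the original article). It extracts the (protocol, hostname, port) tuple from a URL, fills in the scheme's default port so that an implicit port compares correctly, and reports which component breaks the match. It assumes Node.js, which exposes the WHATWG URL parser as a global; the hostnames under example.com are constructed for the demonstration.

```javascript
// Added example (not from the original article): compute the origin tuple
// (scheme, host, port) that browsers compare under the Same Origin Policy
// and classify candidate URLs against a page's origin.
// Runs under Node.js, which exposes the WHATWG URL parser as a global.

// Default ports per scheme. The URL parser drops a port that equals the
// scheme default, so https://a.example and https://a.example:443 both
// parse with an empty port; we restore it so the origins compare equal.
const DEFAULT_PORTS = { 'http:': '80', 'https:': '443', 'ws:': '80', 'wss:': '443' };

function originOf(urlString) {
  const u = new URL(urlString);
  return {
    scheme: u.protocol.slice(0, -1),            // "https:" -> "https"
    host: u.hostname.toLowerCase(),             // hostname only, no port
    port: u.port || DEFAULT_PORTS[u.protocol] || '',
  };
}

// Which of the three components differ between two URLs (empty = same origin).
function originDiff(a, b) {
  const oa = originOf(a);
  const ob = originOf(b);
  return ['scheme', 'host', 'port'].filter((k) => oa[k] !== ob[k]);
}

function isSameOrigin(a, b) {
  return originDiff(a, b).length === 0;
}

// Classify candidate URLs relative to the page origin. Path and query are
// deliberately ignored: they never take part in the origin check.
function classify(pageUrl, candidates) {
  return candidates.map((url) => {
    const differs = originDiff(pageUrl, url);
    return { url, sameOrigin: differs.length === 0, differs };
  });
}

// Constructed sample input (hypothetical hostnames, not taken from the article).
const PAGE = 'https://app.example.com:443/';
const CANDIDATES = [
  'https://app.example.com/path',          // port 443 implied: same origin
  'https://app.example.com:443/path/2',    // same origin
  'https://app.example.com:8443/path',     // port differs
  'http://app.example.com:443/path',       // scheme differs
  'https://app.example.net:443/path',      // host differs
  'https://api.example.com/',              // a subdomain is a different host
];

if (typeof require !== 'undefined' && require.main === module) {
  for (const r of classify(PAGE, CANDIDATES)) {
    const verdict = r.sameOrigin
      ? 'same origin'
      : `cross-origin (${r.differs.join(', ')} differ)`;
    console.log(`${r.url.padEnd(40)} ${verdict}`);
  }
}
```

Note that an `http://` URL with no explicit port is a different origin from an `https://` URL with no explicit port on two counts, scheme and port (80 versus 443), which is why the check compares all three components rather than stopping at the first mismatch.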
Web application security as a whole rests on the Same Origin Policy.
If a script on domain A was able to read content on domain B, it would be possible to steal clients’ information and mount a number of very dangerous attacks.