DEV Community

Brandon Briones

The Benefit of Same Origin Policy

In this world we know that there are at least two kinds of people: good and bad. If someone is good, you can trust them and know that they are not out to get you. On the other side of the spectrum, the bad are always up to something mischievous. The same can be said about websites!

We all use some sort of social media or banking website that holds private information we don't want shared. A malicious website that you accidentally stumble upon might want access to information that is stored on these other sites. For example, you might be on Facebook and see an advertisement that says "Win a free iPad Pro" simply by clicking on the link below! Then you're on the site and start wondering, where is my free iPad? All the while, this site is trying to run some JavaScript code or an Ajax request to get access to your friend list! We definitely don't want that to happen, and this is where the Same Origin Policy comes into play.

The Same Origin Policy, or SOP, adds a layer of security by letting websites share data only if they have the same origin. What am I talking about when I say origin? For that we have to take a look at the URL! A URL is broken down into a scheme, a host/domain name, and a port.

Whenever a webpage makes a request, that webpage's URL becomes the origin. Going back to our example from above: we are now on this new malicious website, and when it tries to run the request to get our friend list information from Facebook, the Same Origin Policy steps in and says, "Hold up, wait a minute! Your scheme, domain, and port don't match."
The request from the malicious website gets denied, keeping our friend list information safe.
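
The scheme, host and port comparison described above, written out in JavaScript as an added example that is not part of the original post. The `.example` URLs are constructed, and `originTuple`, `mismatch` and `sameOrigin` are hypothetical helper names; the browser performs this comparison itself, and the sketch only mirrors the rule, including the default-port and non-HTTP edge cases.

```javascript
// Added example: helper names are hypothetical, URLs are constructed.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Return the (scheme, host, port) tuple that makes up an origin, or null
// for schemes such as data: or file:, whose origin is opaque and therefore
// never equal to any other origin.
function originTuple(url) {
  const u = new URL(url);
  if (!(u.protocol in DEFAULT_PORTS)) return null;
  // URL.port is "" when the port is omitted or equals the scheme default,
  // so fill in the default to compare like with like.
  const port = u.port || DEFAULT_PORTS[u.protocol];
  // URL.hostname is already lower-cased for http(s) URLs.
  return { scheme: u.protocol.slice(0, -1), host: u.hostname, port };
}

// List which parts of the origin differ; an empty list means same origin.
function mismatch(a, b) {
  const x = originTuple(a);
  const y = originTuple(b);
  if (x === null || y === null) return ["opaque origin"];
  return ["scheme", "host", "port"].filter((part) => x[part] !== y[part]);
}

function sameOrigin(a, b) {
  return mismatch(a, b).length === 0;
}

// The page holding the friend list, and resources compared against it.
const PAGE = "https://social.example/friends";
const CANDIDATES = [
  "https://social.example:443/api/friends", // explicit default port
  "http://social.example/api/friends",      // different scheme
  "https://api.social.example/friends",     // subdomain is a different host
  "https://social.example:8443/friends",    // different port
  "https://free-tablet.example/win",        // the advertised site
];

for (const target of CANDIDATES) {
  const diff = mismatch(PAGE, target);
  const verdict = diff.length === 0
    ? "same origin"
    : "cross-origin (" + diff.join(", ") + " differ)";
  console.log(target + " -> " + verdict);
}
```
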

This policy is just one of many ways that the information we keep on certain sites is kept safe from outside forces.
