Same-Origin Policy

E856188

access control policy browser security policy web security mechanism

The Same-Origin Policy is a fundamental web security mechanism that restricts how documents or scripts loaded from one origin can interact with resources from another, helping prevent malicious cross-site attacks.

Jump to: Statements Referenced by

Statements (50)

Predicate	Object
instanceOf	access control policy ⓘ browser security policy ⓘ web security mechanism ⓘ
aimsToPrevent	cross-site request forgery ⓘ cross-site scripting ⓘ data exfiltration between sites ⓘ session hijacking via cross-origin access ⓘ
appliesTo	DOM access ⓘ Fetch API NERFINISHED ⓘ IndexedDB NERFINISHED ⓘ WebSockets NERFINISHED ⓘ XMLHttpRequest NERFINISHED ⓘ client-side scripts ⓘ cookies ⓘ localStorage ⓘ sessionStorage ⓘ web browsers ⓘ
defines	rules for cross-origin access ⓘ
definesOriginBy	host ⓘ port ⓘ scheme ⓘ
enforcedBy	DOM implementation ⓘ JavaScript engine ⓘ browser networking layer ⓘ
hasComponent	origin ⓘ
hasExceptionMechanism	CORS NERFINISHED ⓘ JSONP (legacy) ⓘ postMessage ⓘ
hasSecurityGoal	isolation between web origins ⓘ protection of user data across sites ⓘ
introducedBy	Netscape Navigator NERFINISHED ⓘ
introducedIn	1990s ⓘ
relatedTo	Content Security Policy NERFINISHED ⓘ Cross-Origin Resource Sharing NERFINISHED ⓘ document.domain relaxation ⓘ postMessage API ⓘ sandboxed iframes ⓘ
restricts	cross-origin DOM access ⓘ cross-origin network requests ⓘ cross-origin reads ⓘ cross-origin writes ⓘ
treatsAsCrossOrigin	documents with different host ⓘ documents with different port ⓘ documents with different scheme ⓘ
treatsAsSameOrigin	documents with same scheme host and port ⓘ
usedBy	Google Chrome NERFINISHED ⓘ Microsoft Edge NERFINISHED ⓘ Mozilla Firefox NERFINISHED ⓘ Opera NERFINISHED ⓘ Safari NERFINISHED ⓘ

Referenced by (1)

Full triples — surface form annotated when it differs from this entity's canonical label.

CORS processing model → isRelatedTo → Same-Origin Policy ⓘ