Same Origin Policy & CORS

I wrote some foundational web platform explanation posts back in my IEBlog days and they keep getting lost. So I’m linking them here.

The Same Origin Policy, the security policy that determines whether one site may interact with content from another site and what limits apply, is one such foundational concept, and it is core to understanding the platform.

Explaining Same-Origin-Policy

I’ve written some more about CORS since then.

Note: Same Origin Policy for file:// URLs is inconsistent across browsers (particularly IE vs. modern browsers). Learn more here.

Published by ericlaw

Impatient optimist. Dad. Author/speaker. Created Fiddler & SlickRun. PM @ Microsoft 2001-2012, and 2018-, working on Office, IE, and Edge. Now a GPM for Microsoft Defender. My words are my own, I do not speak for any other entity.
