Same-origin policy: The Core of Web Security presented at OWASPNewZealandDay 2020

by Kirk Jackson,

Summary : The “same-origin policy” is a loosely defined set of rules that has evolved over the years since javascript was first introduced in 1995.In this talk, Kirk will explain how origins work in your web browser, and why they are the fundamental protection against attacks like cross-site request forgery.Along the way we’ll look at how you can leverage the same-origin policy to protect data on your site, and how you can bend it to your will to allow functionality to be hosted on multiple urls – such as cross-origin resource sharing (CORS), PostMessage and JSONP.