Recap on Same Origin Policy, CORS and CSRF
I had a fascinating lecture earlier this week with Prateek Saxena as part of my Web Security course, where we learned about a core pillar of web security: the same-origin policy. Briefly, the same-origin policy prevents different web apps from accessing each other’s content and resources through the browser. It’s a framework for access control. Just as User A cannot access User B’s files on macOS, website A cannot access website B’s HTML, JavaScript, or CSS by default. ...