Same Origin Policy (SOP)

Same Origin Policy (SOP), also called Single Origin Policy, is a security measure used in Web browser programming languages such as JavaScript and Ajax to protect the confidentiality and integrity of information. Same Origin Policy prevents a web site's scripts from accessing and interacting with scripts used on other sites.

HTTP cookies are dependent on the Same Origin Policy to ensure that sensitive information held about a certain user's activity pertains only to one site. Requiring scripts to be from the same site, or have the same origin, in order to interact with each other without restriction allows browsers to maintain user sessions securely without user re-authentication.

Content Continues Below

The Same Origin Policy is commonly circumvented by clientless SSL VPNs; the VPNs draw content from all over the Internet and present it to the client as though it came from the same origin, thereby allowing scripts from various sites to interact. This is dangerous because a malicious script from a compromised site could interact with a script from a legitimate site without restriction, potentially leading to malware infections or sensitive data being compromised.

This was last updated in February 2010

Dig Deeper on Web browser security

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

Ajax is not a Web programming language, it's a async communication method of JavaScript.

File Extensions and File Formats

Powered by: