In-depth analysis of same-origin Policy and Cross-origin access _ javascript skills

The same-origin policy (Sameoriginpolicy) is a convention. It is the core and basic security function of the browser. If the same-origin policy is missing, the normal functions of the browser may be affected. It can be said that the Web is built on the basis of the same-origin policy, the browser is only for the same-origin policy implementation 1. What is a same-origin policy

To understand cross-origin, you must first understand the same-origin policy. The same-origin policy is a very important security policy for security considerations in browsers.

What is the same source:

The URL consists of the protocol, domain name, port, and path. If the protocol, domain name, and port of the two URLs are the same, they are the same source.

Same-origin policy:

The same-source policy of the browser restricts "document" or scripts from different sources, and reads or sets certain attributes for the current "document. (White Hat Professionals talk about web security [1])

Scripts loaded from one domain cannot access the document attributes of another domain.

For example:

For example, if a malicious website page is embedded into a bank login page through iframe (the two are different from each other, the javascript script on the malicious web page can obtain the user name and password when the user logs on to the bank.

In the browser, script,