Why is there a need for the Same-origin policy (SOP)?

Asked May 07 '15 at 17:35

Active May 07 '15 at 17:35

Viewed 93 times

I did read a lot about SOP. What it does, and how it works, for example here in Wikipedia: http://en.wikipedia.org/wiki/Same-origin_policy

And I can often read, that the SOP is an important element of security in browsers and web-applications, that prevents attack.

My problem is: I can't think of any scenario where a cross-domain access would be dangerous for anyone.

Please can you describe at least one scenario that is prevented by SOP and would be a detriment for someone if it wasn't prevented .

asked May 07 '15 at 17:35

Hubert Schölnast

when a user is already logged into her bank account, you don't want other sites make requests to the bank account? – Fabricator May 07 '15 at 17:39
@Fabricator: Please explain more detailed. – Hubert Schölnast May 07 '15 at 17:40
without SOP, other sites can call things like `bank.transfer(...)` because the browser is not verifying the request origin. – Fabricator May 07 '15 at 17:46
try out some xss missions on hackthissite.org if you are interested – Fabricator May 07 '15 at 17:48
@Fabricator: I didn't get the point. Please write an answer (not a comment) and explain in detail. – Hubert Schölnast May 07 '15 at 22:22
Possible duplicate of [Simple example for why Same Origin Policy is needed](https://stackoverflow.com/questions/14667189/simple-example-for-why-same-origin-policy-is-needed) – Brent Bradburn Aug 10 '17 at 18:42

0 Answers0