Saturday, 18 September 2021

Is my understanding of (Same Origin Policy) SOP's implementation correct?

I am learning about CSRF and I came across SOP. While searching for the reason it needs to be implemented, I learnt about it and wrote down what I understood. Please let me know if what I have written is correct; if not, please correct me.

My understanding of SOP's necessity:

Let's say you visit bank.com in one of your tabs and then in another tab you visit malicious.com (a malicious site). Now, without any proper SOP from bank.com, any JS running on malicious.com can access the private data or perform any malicious tasks on your behalf in the bank.com tab. To avoid this, bank.com uses the implementation of SOP, which allows any interaction of JS only from the ORIGIN of bank.com (here bank.com is the ORIGIN).
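As an added example (not part of the original question), this is the comparison a browser performs when it decides whether a script running on one page may read a document or response from another URL. The browser compares the origin of the page running the script with the origin of the target, where an origin is the (scheme, host, port) tuple; the path is not part of it. bank.com and malicious.com are the question's own names; the other URLs, ports and paths are constructed here for illustration. The code uses the WHATWG URL API, which exists in both browsers and Node.js.

```javascript
// Added example: how a browser decides whether two URLs share an origin.
// The Same-Origin Policy is enforced by the browser (not by bank.com's server):
// it compares the (scheme, host, port) tuple of the page running the script
// with that of the resource the script tries to read.

const DEFAULT_PORTS = { 'http:': '80', 'https:': '443' };

function originOf(urlString) {
  const u = new URL(urlString);
  // The URL API drops a default port, so normalise it back explicitly:
  // https://bank.com and https://bank.com:443 must compare equal.
  const port = u.port || DEFAULT_PORTS[u.protocol] || '';
  return { scheme: u.protocol, host: u.hostname, port };
}

function sameOrigin(a, b) {
  const x = originOf(a);
  const y = originOf(b);
  // All three components must match; the path and query never take part.
  return x.scheme === y.scheme && x.host === y.host && x.port === y.port;
}

// May a script running in `scriptPage` read DOM or response data from `target`?
// This is the read side of SOP; it does not decide whether a request is *sent*.
function canRead(scriptPage, target) {
  return sameOrigin(scriptPage, target);
}

// Constructed cases showing which differences matter to the browser.
const cases = [
  ['https://bank.com/account', 'https://bank.com/transfer?amount=10'], // same origin, path ignored
  ['https://bank.com/',        'https://bank.com:443/'],                // default port normalised
  ['https://malicious.com/x',  'https://bank.com/account'],            // different host
  ['https://bank.com/',        'http://bank.com/'],                    // different scheme
  ['https://bank.com/',        'https://bank.com:8443/'],              // different port
  ['https://bank.com/',        'https://www.bank.com/'],               // subdomain is a different host
];

for (const [page, target] of cases) {
  console.log(`${page} -> ${target}: ${canRead(page, target) ? 'readable' : 'blocked'}`);
}
```

Note what this check does and does not cover: SOP stops the script on malicious.com from reading bank.com's response, but it does not stop the browser from sending a cross-origin request (a form POST, an image load, a top-level navigation) with the bank.com cookies attached. That gap between "may send" and "may read" is exactly what CSRF exploits, which is why CSRF needs its own defences on top of SOP.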



