Security Flashcards
In computing, the ______-_______-_____ is an important concept in the web application security model.
same-origin-policy
Under the same-origin-policy, a web browser permits scripts contained in a first web page to access data in a second web page, but only if both web pages have the same origin. This is done to prevent _______.
Cross site scripting - XSS.
T or F
(SOP) same-origin-policy is enforced by web browsers and ignored by tools like Postman and curl.
True
____ is one way the server at the other end (not the client code in the browser) can relax the same-origin-policy.
Cross origin resource sharing (CORS)
______ is a mechanism that allows restricted resources (i.e., fonts) on a web page to be requested from another domain outside the domain from which the first resource was served.
Cross origin resource sharing (CORS)
Cross Origin Resource Sharing (CORS)
- Browser makes an HTTP OPTIONS call for a URL
- OPTIONS is an HTTP method like GET, PUT, and POST
Server returns a response that says:
“These other domains are approved to GET this URL”
-Error - “Origin policy can’t be read at the remote resource?”
You need to enable CORS on API GW
Just read the other card.