The Same-Origin Policy (SOP)

Web browsers have built-in controls to prevent malicious web sites from stealing users' personal data. Through the Same-Origin Policy (SOP) browsers also restrict the ways that web applications can communicate with (1) web servers and with (2) other windows in the browser.

What Is SOP?

Applications of SOP

Exceptions to SOP 

The opposite of SOP is Cross-Origin Resource Sharing (CORS) where a browser is allowed to bypass ("relax") the SOP in certain controlled ways to access resources from other websites.

Resources