{"id":13555,"date":"2022-03-04T14:17:52","date_gmt":"2022-03-04T14:17:52","guid":{"rendered":"http:\/\/www.max-sperling.bplaced.net\/?p=13555"},"modified":"2024-02-16T10:47:31","modified_gmt":"2024-02-16T10:47:31","slug":"sop-and-cors","status":"publish","type":"post","link":"http:\/\/www.max-sperling.bplaced.net\/?p=13555","title":{"rendered":"SOP and CORS"},"content":{"rendered":"<p><strong>Comparison<\/strong> (of SOP and CORS)<\/p>\n<table style=\"text-align: center;\">\n<colgroup>\n<col style=\"width: 20%;\">\n<col style=\"width: 40%;\">\n<col style=\"width: 40%;\">\n  <\/colgroup>\n<tr>\n<th><\/th>\n<th>SOP (Same-origin policy)<\/th>\n<th>CORS (Cross-origin resource sharing)<\/th>\n<\/tr>\n<tr>\n<td>What?<\/td>\n<td colspan = \"2\">A security feature enforceable by the web browser.<\/td>\n<\/tr>\n<tr>\n<td>How?<\/td>\n<td colspan = \"2\">Prevents an origin from reading data from another origin.<\/td>\n<\/tr>\n<tr>\n<td>For all?<\/td>\n<td>Yes.<\/td>\n<td>Depends on the allowed-origin list in the HTTP header from the web server.<\/td>\n<\/tr>\n<\/table>\n<hr>\n<p><strong>Gameplan<\/strong> (of modern web browsers)<\/p>\n<ul>\n<li>Try CORS; if that isn&#8217;t possible because the web server doesn&#8217;t support it, stick to SOP.<\/li>\n<\/ul>\n<hr>\n<p><strong>Issue<\/strong> (of both mechanisms)<\/p>\n<ul>\n<li>An origin can still send data to another origin, so be aware of CSRF attacks.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Comparison (of SOP and CORS) SOP (Same-origin policy) CORS (Cross-origin resource sharing) What? 
A security feature enforceable by the web<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false},"categories":[55],"tags":[],"_links":{"self":[{"href":"http:\/\/www.max-sperling.bplaced.net\/index.php?rest_route=\/wp\/v2\/posts\/13555"}],"collection":[{"href":"http:\/\/www.max-sperling.bplaced.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.max-sperling.bplaced.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.max-sperling.bplaced.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.max-sperling.bplaced.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=13555"}],"version-history":[{"count":1,"href":"http:\/\/www.max-sperling.bplaced.net\/index.php?rest_route=\/wp\/v2\/posts\/13555\/revisions"}],"predecessor-version":[{"id":16831,"href":"http:\/\/www.max-sperling.bplaced.net\/index.php?rest_route=\/wp\/v2\/posts\/13555\/revisions\/16831"}],"wp:attachment":[{"href":"http:\/\/www.max-sperling.bplaced.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=13555"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.max-sperling.bplaced.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=13555"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.max-sperling.bplaced.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=13555"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}