Search This Blog

Friday, November 23, 2018

The web's security model is rooted in the same-origin policy.

Code from https://i88.ca should only have access to https://i88.ca's data, and https://hdgem.com should certainly never be allowed access. Each origin is kept isolated from the rest of the web, giving developers a safe sandbox in which to build and play.