Question about same origin policy
Posted: Thu Sep 29, 2016 3:49 pmEvening.
Question:
Does eValid respect the same origin policy or not?
Thanks
Question:
Does eValid respect the same origin policy or not?
Thanks
MDaniels wrote:Evening.
Question:
Does eValid respect the same origin policy or not?
Thanks
Thanks for posting MDaniels.
You're referring to one of the key security policies for browsers, described here in a Wikipedia Article:
http://en.wikipedia.org/wiki/Same-origin_policy
Basically, what this says is that your current browser can only execute JavaScript that matches the origin on the page you are currently working.
This prevents some very simple to implement and very dangerous kinds of phishing or spoofing, in a very effective way.
This is true because, with this policy in place, no JavaScript can run in the current page unless that JavaScript's origin is the same as the current page.
But there are exceptions to this, and there are many of them.
The basic one is that, if YOU give permission to your browser then it CAN violate the same-origin policy.
This is in fact the case with eValid: by using eValid as a product you give the product permission to do a full range of things that your regular browser wouldn't be able to do.
In fact, this is one of eValid's strengths, that it does not, as a product, have to specifically abide by same-origin constraints!
-- eValid Support