Same Origin Policy question

Discussion of the technology underlying the eValid solution.

Same Origin Policy question

Postby TCaruso » Fri Feb 10, 2017 12:20 pm

Afternoon.

How does eValid escape the requirements of the "same origin policy"?

Seems like this might be falling into a grey area, please explain?

Thanks
TCaruso
 
Posts: 1
Joined: Fri Feb 10, 2017 12:16 pm

Re: Same Origin Policy question

Postby eValid » Mon Feb 13, 2017 12:45 pm

TCaruso wrote:Afternoon.

How does eValid escape the requirements of the "same origin policy"?

Seems like this might be falling into a grey area, please explain?

Thanks


Thanks for posting TCaruso.

The "Same Origin Policy" is a cornerstone of web application security.

Here is a detailed explanation:

https://en.wikipedia.org/wiki/Same-origin_policy

Basically, this means that your web page can only execute scripts that originate from the "same origin" as the page from which the page itself came.

This means that you can't put a JavaScript passage in a page from sever A and expect it to run on a page delivered from serve B.

(We won't discuss how this is bad, but it would be pretty bad if you could do this!)

eValid, however, is different and doesn't need to abide by these rules.

We built eValid as a separate browser and because its purpose is a test tool we arranged things in eValid architecture to allow a tester to navigate, using the browser DOM's API, just the way a browser does.

You can think of eValid as built "around" a browser.

You can't have the browser run a script that didn't originate from the same origin as the page, but eValid does not achieve automated playback using JavaScript.

That's the trick.

eValid drives the browser from the outside.

-- eValid Support
eValid
 
Posts: 2392
Joined: Tue Jan 01, 2008 12:48 pm
Location: USA


Return to Technology

Design Downloaded from free phpBB templates | free website templates | Free Web Buttons