TCaruso wrote:Afternoon.
How does eValid escape the requirements of the "same origin policy"?
Seems like this might be falling into a grey area, please explain?
Thanks
Thanks for posting TCaruso.
The "Same Origin Policy" is a cornerstone of web application security.
Here is a detailed explanation:
https://en.wikipedia.org/wiki/Same-origin_policyBasically, this means that your web page can only execute scripts that originate from the "same origin" as the page from which the page itself came.
This means that you can't put a JavaScript passage in a page from sever A and expect it to run on a page delivered from serve B.
(We won't discuss how this is bad, but it would be pretty bad if you could do this!)
eValid, however, is different and doesn't need to abide by these rules.
We built eValid as a separate browser and because its purpose is a test tool we arranged things in eValid architecture to allow a tester to navigate, using the browser DOM's API, just the way a browser does.
You can think of eValid as built "around" a browser.
You can't have the browser run a script that didn't originate from the same origin as the page, but eValid does not achieve automated playback using JavaScript.
That's the trick.
eValid drives the browser from the outside.
-- eValid Support
Posted: Fri Feb 10, 2017 12:20 pm