0:01 Introduction
2:10 What is an origin?
3:13 What is the same origin?
4:18 Same-origin policy
19:53 Why is same-origin policy important?
20:57 How does it apply to ___ ?
21:54 How does SOP apply to anchors?
22:28 How does SOP apply to forms?
24:54 How does SOP apply to images?
25:51 How does SOP apply to CSS?
27:32 How does SOP apply to JavaScript includes?
28:58 How does SOP apply to JSONP?
31:55 How does SOP apply to web storage?
34:40 How does SOP apply to cookies?
38:31 How does SOP apply to windows, frames and s?
40:36 How does SOP apply to XMLHttpRequest?
43:49 How does SOP apply to Java, Flash, PDF, Silverlight?
45:10 Getting around same-origin policy
45:53 Using PostMessage to communicate between frames
52:48 Using Cross-Origin Resource Sharing (CORS)
57:48 How to?
58:52 How to: Get data from another site?
58:47 How to: Isolate user content?
1:00:19 How to: Share cookies?
1:01:31 Limitations
1:03:04 Conclusion
This was fantastic. Really long video but was so easy to watch and explained what I couldn’t grasp from 10 other 10-20 minute videos and countless documents of thousands of words. Thank you so much! Obviously solid and even casual grasp of this complex stuff
Thank you very much for this wonderful talk. Very interesting, those rules and concepts are not taught enough in web development training courses whereas it is fundamental.
It's really unclear how you're opening a new window at 11:22. You don't execute any JavaScript, but a new tab/window somehow opens. Are you repeating the last executed command? It's not visible.
So, you mention HTTP POST loading a new/different context.. but wouldn't that be true for the GET as well? GET actually gets the fresh new document each time it's invoked.. and that new document is rendered into browser. I'm almost certain it should also load into a new/different context. Am I wrong?