A foundational overview of Same-Origin Policy (SOP) and Cross-Origin Resource Sharing (CORS) as browser security mechanisms. Covers the history of SOP from Netscape Navigator in 1995, how CORS relaxes SOP restrictions, common CORS misconfiguration vulnerabilities (reflected origins, whitelist parsing errors, null origin whitelisting), and practical prevention guidelines including avoiding wildcards, validating origins, and not treating CORS as a substitute for server-side security.
Table of contents
Vulnerabilities arising from CORS configuration issues
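
An added example, not code from the original article: it compares the weak origin checks named in the overview above (reflected origin, allowlist parsing errors, `null` allowlisting) with an exact-match allowlist. The allowlist entries, function names, and sample origins are constructed assumptions.

```javascript
// Constructed allowlist for illustration; a real deployment loads its own.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://admin.example.com",
]);

// Weak checks of the kinds the overview names, kept only for comparison.
const weakChecks = {
  reflectAny: (o) => Boolean(o),                            // reflected origin
  suffixMatch: (o) => o.endsWith("example.com"),            // parsing error
  prefixMatch: (o) => o.startsWith("https://app.example.com"), // parsing error
  allowNull: (o) => o === "null" || ALLOWED_ORIGINS.has(o), // null allowlisted
};

// Hardened check: exact string match (scheme, host, port) against the allowlist.
function isAllowedOrigin(origin) {
  return typeof origin === "string" && ALLOWED_ORIGINS.has(origin);
}

// Build CORS response headers for the value of a request's Origin header.
function corsHeaders(origin) {
  // Vary: Origin stops caches from reusing one origin's response for another.
  const headers = { Vary: "Origin" };
  if (isAllowedOrigin(origin)) {
    // Echo only the matched allowlist entry; never "*" alongside credentials.
    headers["Access-Control-Allow-Origin"] = origin;
    headers["Access-Control-Allow-Credentials"] = "true";
  }
  return headers;
}

// Constructed sample Origin values covering each failure mode.
const SAMPLE_ORIGINS = [
  "https://app.example.com",
  "https://notexample.com",
  "https://app.example.com.other.test",
  "null",
  "http://app.example.com",
];

// For each sample, report the hardened verdict and which weak checks accept it.
function compare() {
  return SAMPLE_ORIGINS.map((origin) => ({
    origin,
    hardened: isAllowedOrigin(origin),
    weak: Object.keys(weakChecks).filter((name) => weakChecks[name](origin)),
  }));
}
```

Calling `compare()` shows that only the exact allowlist entry passes the hardened check, while every other sample is accepted by at least one weak check.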