I've read about Same Origin Policy, but for a better understanding of the matter: could anyone please write a simple code (in any language) that will demonstra
The JavaScript code changes the form's action property (the destination, in a manner of speaking), so when you submit the form, you send your credentials to me, not your bank.
If I set up a PHP script on my server that redirects you to your bank, you won't even notice it.
With Same Origin Policy, this attack isn't possible. A site on my domain cannot read or modify the contents of the bank's website.
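How a browser decides that two pages are "on the same origin", as an added example that is not part of the original answer: it compares the (scheme, host, port) tuple of each page. The hostnames `bank.example` and `attacker.example` and the function names are constructed for illustration.

```javascript
// Added example: models the same-origin comparison (scheme, host, port).
// All URLs below are constructed placeholders.

// Returns the origin tuple of a URL, or null for an opaque origin
// (data: and similar), which is never same-origin with anything.
function originOf(urlString) {
  const url = new URL(urlString);
  if (url.origin === "null") return null; // WHATWG URL serializes opaque origins as "null"
  // url.port is "" when the port is the scheme default, so fill it in explicitly.
  const defaultPorts = { "http:": "80", "https:": "443" };
  return {
    scheme: url.protocol,
    host: url.hostname,
    port: url.port || defaultPorts[url.protocol] || "",
  };
}

function sameOrigin(a, b) {
  const oa = originOf(a);
  const ob = originOf(b);
  if (oa === null || ob === null) return false;
  return oa.scheme === ob.scheme && oa.host === ob.host && oa.port === ob.port;
}

// Models the decision: may a script running in scriptPage read or
// modify the DOM (for example a form's action) of targetPage?
function mayTouchDom(scriptPage, targetPage) {
  return sameOrigin(scriptPage, targetPage);
}

const bank = "https://bank.example/login";
const pages = [
  "https://bank.example/account",     // same origin, different path
  "https://bank.example:443/x",       // explicit default port, still same origin
  "http://bank.example/login",        // different scheme
  "https://bank.example:8443/login",  // different port
  "https://www.bank.example/login",   // different host
  "https://attacker.example/page",    // different site entirely
  "data:text/html,<p>hi</p>",         // opaque origin
];
for (const page of pages) {
  console.log(mayTouchDom(page, bank) ? "allowed" : "blocked", page);
}
```
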