Browser - Same Origin Policy
1 - About
User agents (such as browsers) commonly apply same-origin restrictions to network requests.
The browser enforces the Same-Origin Policy.
A request that is not a same-origin request is called a cross-origin request.
These restrictions prevent a client-side web application (mainly in the browser) running from one origin from obtaining data retrieved from another origin. They also limit the unsafe HTTP requests that can be automatically launched toward destinations that differ from the running application's origin.
Although some validation and authorization can be performed by the server, it is the browser's responsibility to honor the restrictions.
Websites cannot access each other's data inside the browser thanks to the Same-Origin Policy.
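The same-origin versus cross-origin distinction described above, as an added example that is not part of the original page: two URLs share an origin only when scheme, host and port all match. The function names and URLs are constructed for illustration, and treating every scheme outside the listed ones as an opaque origin is a simplifying assumption.

```javascript
// Added example: decide whether a request is same-origin or cross-origin.
// An origin is the tuple (scheme, host, port). All URLs are constructed samples.

// Default ports let "https://shop.example" and "https://shop.example:443" match.
const DEFAULT_PORTS = { "http:": "80", "https:": "443", "ws:": "80", "wss:": "443", "ftp:": "21" };

// Returns the origin tuple, or null for an opaque origin.
// Simplification: every scheme not listed above (data:, file:, ...) is opaque.
function originTuple(urlString, base) {
  const url = new URL(urlString, base); // resolves relative URLs against the page
  if (!(url.protocol in DEFAULT_PORTS)) return null;
  return {
    scheme: url.protocol.slice(0, -1),             // "https:" -> "https"
    host: url.hostname,                            // lower-cased by the URL parser
    port: url.port || DEFAULT_PORTS[url.protocol], // "" means the default port
  };
}

function isSameOrigin(pageUrl, requestUrl) {
  const page = originTuple(pageUrl);
  if (page === null) return false;                 // an opaque origin matches nothing
  const target = originTuple(requestUrl, pageUrl);
  if (target === null) return false;
  return page.scheme === target.scheme &&
         page.host === target.host &&
         page.port === target.port;
}

// Label each outgoing request URL from the point of view of the page.
function classifyRequests(pageUrl, requestUrls) {
  return requestUrls.map((url) => ({
    url,
    kind: isSameOrigin(pageUrl, url) ? "same-origin" : "cross-origin",
  }));
}

const samplePage = "https://shop.example/checkout";
console.log(classifyRequests(samplePage, [
  "/api/cart",                          // relative URL: same-origin
  "https://shop.example:443/logo.png",  // explicit default port: same-origin
  "http://shop.example/api/cart",       // scheme differs
  "https://shop.example:8443/api",      // port differs
  "https://api.shop.example/v1",        // host differs (subdomain)
  "data:text/plain,hello",              // opaque origin
]));
```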
3 - Management
3.1 - Same
3.2 - Remove
To remove this policy, see Browser - Cross Origin Resource Sharing (CORS).
4 - Note
With Site Isolation (i.e. process isolation), it's much more difficult for a malicious website to use speculative side-channel attacks like Spectre to steal data from other sites.