Solution Review: Same Origin Policy
In this lesson, we will discuss the solutions to the questions in the previous lesson.
Question 1: Solution review
Explanation
The same-origin policy checks whether two URLs have the same origin. It ensures that a script from one page can only access data from another page if both pages have the same origin; hence, Options A & D are incorrect.
It is a critical security measure that isolates potentially malicious documents and prevents a malicious script from injecting itself into another website or webpage. Such an attack is also known as a cross-site scripting attack.
According to the explanation above, you can see that both Options B & C are correct.
Question 2: Solution review
Explanation
For a URL to pass the origin comparison with another URL, the same-origin policy checks for the following:
- Both the URLs should have the same hostname; hence, Option A is correct.
- Both the URLs should have the same port number (if specified); hence, Option B is correct.
- Both the URLs should have the same protocol (HTTP or HTTPS); hence, Option C is correct.
Since all three Options A, B, & C are correct, this means Option G is the correct choice.
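The three-part comparison above can be tried out with the standard URL API. The following is an added example, not part of the original lesson; the function names and sample URLs are constructed for illustration, and it also covers URLs with opaque origins (such as data: URLs), which never match any origin.

```javascript
// Parse a URL into the three components the same-origin check compares.
function originParts(urlString) {
  const u = new URL(urlString);
  return {
    opaque: u.origin === "null", // e.g. data: URLs have no usable origin
    protocol: u.protocol,        // "https:"
    hostname: u.hostname,        // lower-cased by the parser
    port: u.port,                // "" when omitted or equal to the scheme default
  };
}

// Returns the origin components that differ; an empty list means same origin.
function originDifferences(a, b) {
  const pa = originParts(a);
  const pb = originParts(b);
  if (pa.opaque || pb.opaque) return ["opaque"];
  return ["protocol", "hostname", "port"].filter((k) => pa[k] !== pb[k]);
}

function isSameOrigin(a, b) {
  return originDifferences(a, b).length === 0;
}

// Constructed sample URLs, each compared against the same base page.
const base = "https://shop.example.com/cart";
const samples = [
  "https://shop.example.com/checkout?step=2", // only path and query differ
  "https://SHOP.example.com:443/account",     // explicit default port, mixed case
  "http://shop.example.com/cart",             // protocol differs
  "https://api.example.com/cart",             // hostname differs
  "https://shop.example.com:8443/cart",       // port differs
  "data:text/html,<p>hi</p>",                 // opaque origin
];

for (const s of samples) {
  const diff = originDifferences(base, s);
  const verdict = diff.length ? "different (" + diff.join(", ") + ")" : "same origin";
  console.log(s + " -> " + verdict);
}
```

Note that the path and query string play no part in the comparison, and that writing the scheme's default port explicitly does not change the origin.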